
Vista very slow and freezes a lot


Guest jan01


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


Here is my ComboFix log file

ComboFix 11-02-26.02 - Martijn 27/02/2011 19:32:09.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1664 [GMT 1:00]

Gestart vanuit: c:\users\Martijn\Downloads\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

AV: Microsoft Security Essentials *Disabled/Updated* {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}

AV: ZoneAlarm Security Suite Antivirus *Disabled/Outdated* {E9467272-859A-F159-FA9E-55E7E32D7A25}

FW: ZoneAlarm Security Suite Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Microsoft Security Essentials *Disabled/Updated* {950DAA4F-154B-C2C8-586C-3578FD336CA4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Security Suite Anti-Spyware *Disabled/Outdated* {52279396-A3A0-FED7-C02E-6E9598AA3098}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\users\Martijn\AppData\Roaming\Microsoft\Windows\Recent\Website OLVI Paal.url

c:\users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\vzan021a.default\extensions\{16930055-5a63-460f-b9b8-f19bcb59b274}

c:\users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\vzan021a.default\extensions\{16930055-5a63-460f-b9b8-f19bcb59b274}\chrome.manifest

c:\users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\vzan021a.default\extensions\{16930055-5a63-460f-b9b8-f19bcb59b274}\chrome\xulcache.jar

c:\users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\vzan021a.default\extensions\{16930055-5a63-460f-b9b8-f19bcb59b274}\defaults\preferences\xulcache.js

c:\users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\vzan021a.default\extensions\{16930055-5a63-460f-b9b8-f19bcb59b274}\install.rdf

c:\windows\ST6UNST.000

c:\windows\system32\KBL.LOG

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-27 to 2011-02-27 ))))))))))))))))))))))))))))))

.

2011-02-27 13:53 . 2011-02-27 13:53 2070 ----a-w- c:\users\Martijn\cc_20110227_145351.reg

2011-02-27 12:53 . 2011-02-27 12:53 21668 ----a-w- c:\users\Martijn\cc_20110227_135353.reg

2011-02-25 18:50 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF54DD9F-CB69-4C8C-AC6C-9231D5310591}\mpengine.dll

2011-02-19 11:50 . 2011-02-19 11:50 -------- d-----w- c:\program files\UnderCoverXP

2011-02-19 09:58 . 2011-02-19 09:58 -------- d-----w- c:\programdata\HP

2011-02-19 09:49 . 2011-02-19 09:49 -------- d-----w- c:\programdata\WindowsSearch

2011-02-19 08:47 . 2011-02-19 08:47 -------- d-----w- c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP

2011-02-19 08:47 . 2011-02-19 10:02 -------- d-----w- c:\users\Martijn\AppData\Roaming\DVD Flick

2011-02-19 08:47 . 2000-11-05 14:27 36864 ----a-w- c:\windows\system32\trayicon.ocx

2011-02-19 08:47 . 2011-02-19 08:47 -------- d-----w- c:\program files\DVD Flick

2011-02-19 08:47 . 2000-05-19 16:56 81920 ----a-w- c:\windows\system32\mbmouse.ocx

2011-02-19 08:44 . 2011-02-19 08:44 -------- d-----w- C:\videodvdmaker

2011-02-19 08:44 . 2011-02-19 08:44 -------- d-----w- c:\users\Martijn\AppData\Roaming\Video DVD Maker FREE

2011-02-19 08:24 . 2011-02-19 08:24 -------- d-----w- c:\users\Martijn\AppData\Roaming\DivX

2011-02-19 08:17 . 2011-02-19 08:18 -------- d-----w- c:\users\Martijn\AppData\Roaming\DeepBurner

2011-02-19 08:17 . 2011-02-19 08:18 -------- d-----w- c:\program files\Astonsoft

2011-02-16 18:35 . 2011-02-16 18:35 -------- d-----w- c:\program files\Common Files\LightScribe

2011-02-16 18:32 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-02-16 17:32 . 2011-02-16 17:32 -------- d-----w- c:\windows\system32\custom matrices

2011-02-16 17:32 . 2011-02-16 17:33 -------- d-----w- c:\windows\system32\C2MP

2011-02-16 17:32 . 2011-02-16 17:32 -------- d-----w- c:\windows\system32\QuickTime

2011-02-15 18:28 . 2011-02-15 18:28 -------- d-----w- c:\users\Martijn\AppData\Local\Shareaza

2011-02-15 18:28 . 2011-02-16 12:45 -------- d-----w- c:\users\Martijn\AppData\Roaming\Shareaza

2011-02-15 18:27 . 2011-02-16 12:45 -------- d-----w- c:\program files\Shareaza

2011-02-12 15:51 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-12 15:51 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-12 15:51 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-12 15:51 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-12 15:51 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-12 15:50 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr

2011-02-12 15:50 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-12 15:49 . 2011-02-12 15:49 -------- d-----w- c:\programdata\Alwil Software

2011-02-12 15:49 . 2011-02-12 15:49 -------- d-----w- c:\program files\Alwil Software

2011-02-11 16:02 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-11 16:02 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-10 18:19 . 2011-02-10 19:21 -------- d-----w- c:\programdata\PC Tools

2011-02-10 18:07 . 2011-02-10 18:07 -------- d-----w- c:\users\Martijn\AppData\Roaming\Malwarebytes

2011-02-10 18:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-10 18:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-10 17:53 . 2011-02-10 17:55 12548 ----a-w- c:\users\Martijn\cc_20110210_185345.reg

2011-02-10 16:19 . 2011-02-10 16:19 388096 ----a-r- c:\users\Martijn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-02-10 06:58 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys

2011-02-10 06:56 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-10 06:56 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll

2011-02-07 17:01 . 2011-02-07 17:01 -------- d-----w- c:\users\Martijn\AppData\Local\{51DAC003-E3C2-4457-9018-97AEF633BE04}

2011-02-06 09:09 . 2011-02-06 09:55 -------- d-----w- C:\xampp

2011-02-06 08:58 . 2011-02-06 08:59 -------- d-----w- c:\users\Martijn\AppData\Local\{91E44ED7-8C8D-4AE6-84D8-6E4D7F69B101}

2011-02-05 16:38 . 2011-02-05 16:38 -------- d-----w- c:\program files\ConduitEngine

2011-02-05 16:38 . 2011-02-05 16:38 -------- d-----w- c:\program files\BittorrentBar_NL

2011-02-05 16:24 . 2011-02-05 16:25 -------- d-----w- c:\users\Martijn\AppData\Local\{2087D6CF-C07D-4719-A704-4A5B1C99E522}

2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-01-30 13:11 . 2011-01-30 13:12 -------- d-----w- c:\program files\QuickTime

2011-01-30 13:11 . 2011-01-30 13:11 -------- d-----w- c:\programdata\Apple Computer

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-24 17:51 . 2011-01-15 09:52 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-02-02 20:40 . 2010-04-17 06:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 16:11 . 2009-10-04 11:40 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-16 10:30 . 2011-01-16 10:03 70685 ----a-w- c:\programdata\bdinstall.bin

2010-12-28 15:55 . 2011-01-12 16:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2010-12-16 13:23 . 2010-06-26 06:29 18184 ----a-w- c:\windows\help\OEM\scripts\HC_Launch.exe

2010-12-14 18:50 . 2010-12-14 18:50 13 ---h--w- c:\programdata\ÝÃÄ™˜3113›.sys

2010-12-14 18:47 . 2010-12-14 18:47 13 ---h--w- c:\programdata\ÄÐ3113.sys

2010-12-14 18:40 . 2010-12-14 18:40 13 ---h--w- c:\programdata\ÝÙÃÄ3113›.sys

2010-12-14 14:49 . 2011-01-12 16:55 1169408 ----a-w- c:\windows\system32\sdclt.exe

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"Google Update"="c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-11-05 745848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0bootdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2002-12-10 15:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-679413147-3827540954-3699370173-1000]

"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c98e8bef419d32;Google Update Service (gupdate1c98e8bef419d32);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]

R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]

S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-01-29 11392]

S1 aswSP;aswSP; [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-25 537840]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]

S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 34128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2011-02-27 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-20 13:22]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 10:06]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 10:06]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-679413147-3827540954-3699370173-1000Core.job

- c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 14:27]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-679413147-3827540954-3699370173-1000UA.job

- c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 14:27]

2011-02-27 c:\windows\Tasks\User_Feed_Synchronization-{C0679596-8996-4275-BBB6-89B3B3F79B37}.job

- c:\windows\system32\msfeedssync.exe [2010-09-18 22:42]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

LSP: c:\windows\system32\wpclsp.dll

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)

HKCU-Run-Power2GoExpress - (no file)

HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner

AddRemove-PrimaSoft AutoFtp Pro - c:\autoftp\DeIsL1.isu

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-27 19:57

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-02-27 20:00:32

ComboFix-quarantined-files.txt 2011-02-27 19:00

Pre-Run: 124.529.770.496 bytes beschikbaar

Post-Run: 123.917.770.752 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,15

- - End Of File - - F9F571F589D8AF9737533CFF8DFED8A2


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP

c:\users\Martijn\cc_20110210_185345.reg

c:\programdata\ÝÃÄ™˜3113›.sys

c:\programdata\ÄÐ3113.sys

c:\programdata\ÝÙÃÄ3113›.sys

Folder::

c:\users\Martijn\AppData\Local\{51DAC003-E3C2-4457-9018-97AEF633BE04}

c:\users\Martijn\AppData\Local\{91E44ED7-8C8D-4AE6-84D8-6E4D7F69B101}

c:\program files\ConduitEngine

c:\program files\BittorrentBar_NL

c:\users\Martijn\AppData\Local\{2087D6CF-C07D-4719-A704-4A5B1C99E522}

Driver::

aswSP

aswFsBlk

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post, together with a new HijackThis log.


Hello,

My new log files

ComboFix 11-02-26.02 - Martijn 28/02/2011 18:14:36.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1706 [GMT 1:00]

Gestart vanuit: c:\users\Martijn\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Martijn\Desktop\CFScript.txt..txt

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

AV: Microsoft Security Essentials *Disabled/Updated* {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}

AV: ZoneAlarm Security Suite Antivirus *Disabled/Outdated* {E9467272-859A-F159-FA9E-55E7E32D7A25}

FW: ZoneAlarm Security Suite Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Microsoft Security Essentials *Disabled/Updated* {950DAA4F-154B-C2C8-586C-3578FD336CA4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Security Suite Anti-Spyware *Disabled/Outdated* {52279396-A3A0-FED7-C02E-6E9598AA3098}

FILE ::

"c:\programdata\ÝÙÃÄ3113›.sys"

"c:\programdata\ÝÃÄ™˜3113›.sys"

"c:\programdata\ÄÐ3113.sys"

"c:\users\Martijn\cc_20110210_185345.reg"

"c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\BittorrentBar_NL

c:\program files\BittorrentBar_NL\GottenAppsContextMenu.xml

c:\program files\BittorrentBar_NL\INSTALL.LOG

c:\program files\BittorrentBar_NL\OtherAppsContextMenu.xml

c:\program files\BittorrentBar_NL\SharedAppsContextMenu.xml

c:\program files\BittorrentBar_NL\ToolbarContextMenu.xml

c:\program files\ConduitEngine

c:\program files\ConduitEngine\appContextMenu.xml

c:\program files\ConduitEngine\engineContextMenu.xml

c:\program files\ConduitEngine\EngineSettings.json

c:\program files\ConduitEngine\INSTALL.LOG

c:\users\Martijn\AppData\Local\{2087D6CF-C07D-4719-A704-4A5B1C99E522}

c:\users\Martijn\AppData\Local\{51DAC003-E3C2-4457-9018-97AEF633BE04}

c:\users\Martijn\AppData\Local\{91E44ED7-8C8D-4AE6-84D8-6E4D7F69B101}

c:\users\Martijn\cc_20110210_185345.reg

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASWFSBLK

-------\Legacy_ASWSP

-------\Service_aswFsBlk

-------\Service_aswSP

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-28 to 2011-02-28 ))))))))))))))))))))))))))))))

.

2011-02-27 13:53 . 2011-02-27 13:53 2070 ----a-w- c:\users\Martijn\cc_20110227_145351.reg

2011-02-27 12:53 . 2011-02-27 12:53 21668 ----a-w- c:\users\Martijn\cc_20110227_135353.reg

2011-02-25 18:50 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF54DD9F-CB69-4C8C-AC6C-9231D5310591}\mpengine.dll

2011-02-19 11:50 . 2011-02-19 11:50 -------- d-----w- c:\program files\UnderCoverXP

2011-02-19 09:58 . 2011-02-19 09:58 -------- d-----w- c:\programdata\HP

2011-02-19 09:49 . 2011-02-19 09:49 -------- d-----w- c:\programdata\WindowsSearch

2011-02-19 08:47 . 2011-02-19 08:47 -------- d-----w- c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP

2011-02-19 08:47 . 2011-02-19 10:02 -------- d-----w- c:\users\Martijn\AppData\Roaming\DVD Flick

2011-02-19 08:47 . 2000-11-05 14:27 36864 ----a-w- c:\windows\system32\trayicon.ocx

2011-02-19 08:47 . 2011-02-19 08:47 -------- d-----w- c:\program files\DVD Flick

2011-02-19 08:47 . 2000-05-19 16:56 81920 ----a-w- c:\windows\system32\mbmouse.ocx

2011-02-19 08:44 . 2011-02-19 08:44 -------- d-----w- C:\videodvdmaker

2011-02-19 08:44 . 2011-02-19 08:44 -------- d-----w- c:\users\Martijn\AppData\Roaming\Video DVD Maker FREE

2011-02-19 08:24 . 2011-02-19 08:24 -------- d-----w- c:\users\Martijn\AppData\Roaming\DivX

2011-02-19 08:17 . 2011-02-19 08:18 -------- d-----w- c:\users\Martijn\AppData\Roaming\DeepBurner

2011-02-19 08:17 . 2011-02-19 08:18 -------- d-----w- c:\program files\Astonsoft

2011-02-16 18:35 . 2011-02-16 18:35 -------- d-----w- c:\program files\Common Files\LightScribe

2011-02-16 18:32 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-02-16 17:32 . 2011-02-16 17:32 -------- d-----w- c:\windows\system32\custom matrices

2011-02-16 17:32 . 2011-02-16 17:33 -------- d-----w- c:\windows\system32\C2MP

2011-02-16 17:32 . 2011-02-16 17:32 -------- d-----w- c:\windows\system32\QuickTime

2011-02-15 18:28 . 2011-02-15 18:28 -------- d-----w- c:\users\Martijn\AppData\Local\Shareaza

2011-02-15 18:28 . 2011-02-16 12:45 -------- d-----w- c:\users\Martijn\AppData\Roaming\Shareaza

2011-02-15 18:27 . 2011-02-16 12:45 -------- d-----w- c:\program files\Shareaza

2011-02-12 15:51 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-12 15:51 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-12 15:51 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-12 15:51 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-12 15:51 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-12 15:50 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr

2011-02-12 15:50 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-12 15:49 . 2011-02-12 15:49 -------- d-----w- c:\programdata\Alwil Software

2011-02-12 15:49 . 2011-02-12 15:49 -------- d-----w- c:\program files\Alwil Software

2011-02-11 16:02 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-11 16:02 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-10 18:19 . 2011-02-10 19:21 -------- d-----w- c:\programdata\PC Tools

2011-02-10 18:07 . 2011-02-10 18:07 -------- d-----w- c:\users\Martijn\AppData\Roaming\Malwarebytes

2011-02-10 18:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-10 18:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-10 16:19 . 2011-02-10 16:19 388096 ----a-r- c:\users\Martijn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-02-10 06:58 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys

2011-02-10 06:56 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-10 06:56 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll

2011-02-06 09:09 . 2011-02-06 09:55 -------- d-----w- C:\xampp

2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-01-30 13:11 . 2011-01-30 13:12 -------- d-----w- c:\program files\QuickTime

2011-01-30 13:11 . 2011-01-30 13:11 -------- d-----w- c:\programdata\Apple Computer

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-24 17:51 . 2011-01-15 09:52 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-02-02 20:40 . 2010-04-17 06:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 16:11 . 2009-10-04 11:40 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-16 10:30 . 2011-01-16 10:03 70685 ----a-w- c:\programdata\bdinstall.bin

2010-12-28 15:55 . 2011-01-12 16:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2010-12-16 13:23 . 2010-06-26 06:29 18184 ----a-w- c:\windows\help\OEM\scripts\HC_Launch.exe

2010-12-14 18:50 . 2010-12-14 18:50 13 ---h--w- c:\programdata\ÝÃÄ™˜3113›.sys

2010-12-14 18:47 . 2010-12-14 18:47 13 ---h--w- c:\programdata\ÄÐ3113.sys

2010-12-14 18:40 . 2010-12-14 18:40 13 ---h--w- c:\programdata\ÝÙÃÄ3113›.sys

2010-12-14 14:49 . 2011-01-12 16:55 1169408 ----a-w- c:\windows\system32\sdclt.exe

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"Google Update"="c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-11-05 745848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0bootdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2002-12-10 15:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-679413147-3827540954-3699370173-1000]

"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c98e8bef419d32;Google Update Service (gupdate1c98e8bef419d32);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]

R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]

S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-01-29 11392]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-25 537840]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]

S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 34128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2011-02-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-20 13:22]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 10:06]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 10:06]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-679413147-3827540954-3699370173-1000Core.job

- c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 14:27]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-679413147-3827540954-3699370173-1000UA.job

- c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 14:27]

2011-02-28 c:\windows\Tasks\User_Feed_Synchronization-{C0679596-8996-4275-BBB6-89B3B3F79B37}.job

- c:\windows\system32\msfeedssync.exe [2010-09-18 22:42]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

LSP: c:\windows\system32\wpclsp.dll

.

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1508)

c:\windows\system32\btncopy.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\program files\Common Files\BinarySense\hldasvc.exe

c:\program files\Common Files\BinarySense\hldasvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe

c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Belgacom\bin\sprtsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\TomTom HOME 2\TomTomHOMEService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\Raxco\PerfectDisk2008\PD91AgentS1.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2011-02-28 18:38:36 - machine werd herstart

ComboFix-quarantined-files.txt 2011-02-28 17:38

ComboFix2.txt 2011-02-27 19:00

Pre-Run: 124.147.220.480 bytes beschikbaar

Post-Run: 123.707.584.512 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,15

- - End Of File - - B2AF27504D22806500DBC4661A5A00F4

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:45:30, on 28/02/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe

C:\Windows\system32\conime.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

C:\Users\Martijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Martijn\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP Consumer | MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s

O4 - HKCU\..\Run: [Google Update] "C:\Users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.extrafilm.be/ImageUploader5.cab

O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate1c98e8bef419d32) (gupdate1c98e8bef419d32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 10838 bytes

---------- Post added at 18:46 ---------- Previous post was at 18:46 ----------

Hello,

My new log files

ComboFix 11-02-26.02 - Martijn 28/02/2011 18:14:36.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1706 [GMT 1:00]

Gestart vanuit: c:\users\Martijn\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Martijn\Desktop\CFScript.txt..txt

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

AV: Microsoft Security Essentials *Disabled/Updated* {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}

AV: ZoneAlarm Security Suite Antivirus *Disabled/Outdated* {E9467272-859A-F159-FA9E-55E7E32D7A25}

FW: ZoneAlarm Security Suite Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Microsoft Security Essentials *Disabled/Updated* {950DAA4F-154B-C2C8-586C-3578FD336CA4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Security Suite Anti-Spyware *Disabled/Outdated* {52279396-A3A0-FED7-C02E-6E9598AA3098}

FILE ::

"c:\programdata\ÝÙÃÄ3113›.sys"

"c:\programdata\ÝÃÄ™˜3113›.sys"

"c:\programdata\ÄÐ3113.sys"

"c:\users\Martijn\cc_20110210_185345.reg"

"c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\BittorrentBar_NL

c:\program files\BittorrentBar_NL\GottenAppsContextMenu.xml

c:\program files\BittorrentBar_NL\INSTALL.LOG

c:\program files\BittorrentBar_NL\OtherAppsContextMenu.xml

c:\program files\BittorrentBar_NL\SharedAppsContextMenu.xml

c:\program files\BittorrentBar_NL\ToolbarContextMenu.xml

c:\program files\ConduitEngine

c:\program files\ConduitEngine\appContextMenu.xml

c:\program files\ConduitEngine\engineContextMenu.xml

c:\program files\ConduitEngine\EngineSettings.json

c:\program files\ConduitEngine\INSTALL.LOG

c:\users\Martijn\AppData\Local\{2087D6CF-C07D-4719-A704-4A5B1C99E522}

c:\users\Martijn\AppData\Local\{51DAC003-E3C2-4457-9018-97AEF633BE04}

c:\users\Martijn\AppData\Local\{91E44ED7-8C8D-4AE6-84D8-6E4D7F69B101}

c:\users\Martijn\cc_20110210_185345.reg

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASWFSBLK

-------\Legacy_ASWSP

-------\Service_aswFsBlk

-------\Service_aswSP

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-28 to 2011-02-28 ))))))))))))))))))))))))))))))

.

2011-02-27 13:53 . 2011-02-27 13:53 2070 ----a-w- c:\users\Martijn\cc_20110227_145351.reg

2011-02-27 12:53 . 2011-02-27 12:53 21668 ----a-w- c:\users\Martijn\cc_20110227_135353.reg

2011-02-25 18:50 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF54DD9F-CB69-4C8C-AC6C-9231D5310591}\mpengine.dll

2011-02-19 11:50 . 2011-02-19 11:50 -------- d-----w- c:\program files\UnderCoverXP

2011-02-19 09:58 . 2011-02-19 09:58 -------- d-----w- c:\programdata\HP

2011-02-19 09:49 . 2011-02-19 09:49 -------- d-----w- c:\programdata\WindowsSearch

2011-02-19 08:47 . 2011-02-19 08:47 -------- d-----w- c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP

2011-02-19 08:47 . 2011-02-19 10:02 -------- d-----w- c:\users\Martijn\AppData\Roaming\DVD Flick

2011-02-19 08:47 . 2000-11-05 14:27 36864 ----a-w- c:\windows\system32\trayicon.ocx

2011-02-19 08:47 . 2011-02-19 08:47 -------- d-----w- c:\program files\DVD Flick

2011-02-19 08:47 . 2000-05-19 16:56 81920 ----a-w- c:\windows\system32\mbmouse.ocx

2011-02-19 08:44 . 2011-02-19 08:44 -------- d-----w- C:\videodvdmaker

2011-02-19 08:44 . 2011-02-19 08:44 -------- d-----w- c:\users\Martijn\AppData\Roaming\Video DVD Maker FREE

2011-02-19 08:24 . 2011-02-19 08:24 -------- d-----w- c:\users\Martijn\AppData\Roaming\DivX

2011-02-19 08:17 . 2011-02-19 08:18 -------- d-----w- c:\users\Martijn\AppData\Roaming\DeepBurner

2011-02-19 08:17 . 2011-02-19 08:18 -------- d-----w- c:\program files\Astonsoft

2011-02-16 18:35 . 2011-02-16 18:35 -------- d-----w- c:\program files\Common Files\LightScribe

2011-02-16 18:32 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-02-16 17:32 . 2011-02-16 17:32 -------- d-----w- c:\windows\system32\custom matrices

2011-02-16 17:32 . 2011-02-16 17:33 -------- d-----w- c:\windows\system32\C2MP

2011-02-16 17:32 . 2011-02-16 17:32 -------- d-----w- c:\windows\system32\QuickTime

2011-02-15 18:28 . 2011-02-15 18:28 -------- d-----w- c:\users\Martijn\AppData\Local\Shareaza

2011-02-15 18:28 . 2011-02-16 12:45 -------- d-----w- c:\users\Martijn\AppData\Roaming\Shareaza

2011-02-15 18:27 . 2011-02-16 12:45 -------- d-----w- c:\program files\Shareaza

2011-02-12 15:51 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-12 15:51 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-12 15:51 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-12 15:51 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-12 15:51 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-12 15:50 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr

2011-02-12 15:50 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-12 15:49 . 2011-02-12 15:49 -------- d-----w- c:\programdata\Alwil Software

2011-02-12 15:49 . 2011-02-12 15:49 -------- d-----w- c:\program files\Alwil Software

2011-02-11 16:02 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-11 16:02 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-10 18:19 . 2011-02-10 19:21 -------- d-----w- c:\programdata\PC Tools

2011-02-10 18:07 . 2011-02-10 18:07 -------- d-----w- c:\users\Martijn\AppData\Roaming\Malwarebytes

2011-02-10 18:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-10 18:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-10 16:19 . 2011-02-10 16:19 388096 ----a-r- c:\users\Martijn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-02-10 06:58 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys

2011-02-10 06:56 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-10 06:56 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll

2011-02-06 09:09 . 2011-02-06 09:55 -------- d-----w- C:\xampp

2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-01-30 13:12 . 2011-01-30 13:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-01-30 13:11 . 2011-01-30 13:12 -------- d-----w- c:\program files\QuickTime

2011-01-30 13:11 . 2011-01-30 13:11 -------- d-----w- c:\programdata\Apple Computer

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-24 17:51 . 2011-01-15 09:52 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-02-02 20:40 . 2010-04-17 06:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 16:11 . 2009-10-04 11:40 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-16 10:30 . 2011-01-16 10:03 70685 ----a-w- c:\programdata\bdinstall.bin

2010-12-28 15:55 . 2011-01-12 16:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2010-12-16 13:23 . 2010-06-26 06:29 18184 ----a-w- c:\windows\help\OEM\scripts\HC_Launch.exe

2010-12-14 18:50 . 2010-12-14 18:50 13 ---h--w- c:\programdata\ÝÃÄ™˜3113›.sys

2010-12-14 18:47 . 2010-12-14 18:47 13 ---h--w- c:\programdata\ÄÐ3113.sys

2010-12-14 18:40 . 2010-12-14 18:40 13 ---h--w- c:\programdata\ÝÙÃÄ3113›.sys

2010-12-14 14:49 . 2011-01-12 16:55 1169408 ----a-w- c:\windows\system32\sdclt.exe

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"Google Update"="c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-11-05 745848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0bootdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2002-12-10 15:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-679413147-3827540954-3699370173-1000]

"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c98e8bef419d32;Google Update Service (gupdate1c98e8bef419d32);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]

R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]

S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-01-29 11392]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-25 537840]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]

S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 34128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2011-02-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-20 13:22]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 10:06]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 10:06]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-679413147-3827540954-3699370173-1000Core.job

- c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 14:27]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-679413147-3827540954-3699370173-1000UA.job

- c:\users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 14:27]

2011-02-28 c:\windows\Tasks\User_Feed_Synchronization-{C0679596-8996-4275-BBB6-89B3B3F79B37}.job

- c:\windows\system32\msfeedssync.exe [2010-09-18 22:42]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

LSP: c:\windows\system32\wpclsp.dll

.

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1508)

c:\windows\system32\btncopy.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\program files\Common Files\BinarySense\hldasvc.exe

c:\program files\Common Files\BinarySense\hldasvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe

c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Belgacom\bin\sprtsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\TomTom HOME 2\TomTomHOMEService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\Raxco\PerfectDisk2008\PD91AgentS1.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2011-02-28 18:38:36 - machine werd herstart

ComboFix-quarantined-files.txt 2011-02-28 17:38

ComboFix2.txt 2011-02-27 19:00

Pre-Run: 124.147.220.480 bytes beschikbaar

Post-Run: 123.707.584.512 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,15

- - End Of File - - B2AF27504D22806500DBC4661A5A00F4

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:45:30, on 28/02/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe

C:\Windows\system32\conime.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

C:\Users\Martijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Martijn\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP Consumer | MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s

O4 - HKCU\..\Run: [Google Update] "C:\Users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.extrafilm.be/ImageUploader5.cab

O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate1c98e8bef419d32) (gupdate1c98e8bef419d32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 10838 bytes
