Slow PC


agie

Here is the ComboFix log once again, and by the looks of it, it is the same as the previous log.

Does this mean that everything should now be in order?

ComboFix 11-03-27.02 - riekie 28-03-2011 18:01:09.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1015.326 [GMT 2:00]

Gestart vanuit: C:\Users\riekie\Desktop\ComboFix.exe

gebruikte Opdracht switches :: C:\Users\riekie\Documents\CFScript.txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\program files\Hitman Pro\hitmanpro2.sys"

"c:\windows\system32\DRIVERS\avgfwd6x.sys"

"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"

"c:\windows\system32\DRIVERS\AVGIDSEH.Sys"

"c:\windows\system32\DRIVERS\AVGIDSFilter.Sys"

"c:\windows\system32\DRIVERS\AVGIDSShim.Sys"

Edited by agie

The complete log now:

ComboFix 11-03-28.05 - riekie 29-03-2011 16:45:11.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1015.164 [GMT 2:00]

Gestart vanuit: c:\users\riekie\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\riekie\AppData\Roaming\inst.exe

c:\windows\system32\jusched.exe

.

---- Voorgaande Run -------

.

c:\users\riekie\AppData\Roaming\inst.exe

.

Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AVGFWFD

-------\Legacy_AVGIDSDRIVER

-------\Legacy_AVGIDSEH

-------\Legacy_AVGIDSFILTER

-------\Legacy_AVGIDSSHIM

-------\Legacy_HITMANPRO2

-------\Service_Avgfwfd

-------\Service_AVGIDSDriver

-------\Service_AVGIDSEH

-------\Service_AVGIDSFilter

-------\Service_AVGIDSShim

-------\Service_hitmanpro2

-------\Legacy_AVGFWFD

-------\Legacy_AVGIDSDRIVER

-------\Legacy_AVGIDSEH

-------\Legacy_AVGIDSFILTER

-------\Legacy_AVGIDSSHIM

-------\Legacy_HITMANPRO2

-------\Service_Avgfwfd

-------\Service_AVGIDSDriver

-------\Service_AVGIDSEH

-------\Service_AVGIDSFilter

-------\Service_AVGIDSShim

-------\Service_hitmanpro2

-------\Legacy_AVGFWFD

-------\Legacy_AVGIDSDRIVER

-------\Legacy_AVGIDSEH

-------\Legacy_AVGIDSFILTER

-------\Legacy_AVGIDSSHIM

-------\Legacy_HITMANPRO2

-------\Service_Avgfwfd

-------\Service_AVGIDSDriver

-------\Service_AVGIDSEH

-------\Service_AVGIDSFilter

-------\Service_AVGIDSShim

-------\Service_hitmanpro2

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-28 to 2011-03-29 ))))))))))))))))))))))))))))))

.

.

2011-03-29 15:10 . 2011-03-29 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-27 22:20 . 2011-03-27 22:20 -------- d-----w- c:\users\riekie\AppData\Roaming\Tific

2011-03-27 22:20 . 2011-03-27 22:20 -------- d-----w- c:\users\riekie\AppData\Local\Symantec

2011-03-25 20:03 . 2011-03-25 20:03 -------- d-----w- c:\windows\CheckSur

2011-03-25 19:39 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-25 19:39 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-25 19:39 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-25 15:10 . 2011-03-25 15:10 -------- d-----w- C:\$RECYCLE(0).BIN

2011-03-22 16:00 . 2011-03-22 16:00 -------- d-----w- C:\$RECYCLE(2).BIN

2011-03-18 23:42 . 2011-03-18 23:52 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-03-18 23:42 . 2011-03-18 23:53 -------- d-----w- c:\program files\Symantec

2011-03-18 23:40 . 2011-03-19 15:03 -------- d-----w- c:\windows\system32\drivers\NAV

2011-03-18 23:40 . 2011-03-18 23:40 -------- d-----w- c:\program files\Norton AntiVirus

2011-03-18 23:40 . 2011-03-18 23:45 -------- d-----w- c:\programdata\Norton

2011-03-18 23:36 . 2011-03-18 23:36 -------- d-----w- c:\program files\NortonInstaller

2011-03-18 23:11 . 2011-03-18 23:11 -------- d-----w- c:\users\riekie\AppData\Roaming\Download Manager

2011-03-18 22:50 . 2011-03-18 22:50 -------- d-----w- c:\programdata\Preventon

2011-03-14 19:10 . 2011-03-14 19:10 388096 ----a-r- c:\users\riekie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-14 19:10 . 2011-03-24 22:38 -------- d-----w- c:\program files\Trend Micro

2011-03-09 15:47 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 15:47 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 15:47 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 15:47 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 15:46 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 15:46 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-08 15:17 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23AB8B9B-9C99-49DF-915C-003290BD8B4F}\mpengine.dll

2011-03-04 17:02 . 2011-03-04 17:02 -------- d-----w- c:\program files\Belastingdienst

2011-03-04 16:48 . 2011-03-04 16:48 -------- d-----w- c:\users\riekie\AppData\Local\FixItCenter

2011-03-04 16:43 . 2011-03-04 16:43 -------- d-----w- c:\windows\MATS

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-17 14:55 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-02 20:40 . 2010-04-28 17:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 16:11 . 2009-10-03 13:40 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:37 . 2011-02-17 15:35 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-17 15:35 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-17 15:35 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-17 15:35 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-17 15:35 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08 . 2011-02-17 15:35 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07 . 2011-02-17 15:35 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-17 15:35 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-17 15:35 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-17 15:35 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-17 15:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-17 15:35 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 16:04 . 2011-02-17 15:35 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 14:28 . 2011-02-17 15:35 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-17 15:35 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-17 15:35 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-17 15:35 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-17 15:35 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-17 15:35 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-17 15:35 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-17 15:35 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:14 . 2011-02-17 15:35 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:12 . 2011-02-17 15:35 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-17 15:35 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-17 15:35 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 08:47 . 2011-02-17 15:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28 . 2011-02-17 15:24 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57 . 2011-02-17 15:50 2039808 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-03-01 126976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]

backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-04-03 16:00 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeApp]

2011-01-02 11:30 814496 ----a-w- c:\program files\FreeApps\FreeApps.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2011-03-01 16:33 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-06-18 19:01 166424 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2007-05-24 11:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 13:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-06-18 19:01 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN]

2008-06-06 15:08 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater]

2010-12-22 14:49 1964928 ----a-w- c:\program files\KPN\KPN Update\KPNAssistentUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-06-18 19:01 133656 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]

2008-02-22 02:25 54672 ----a-w- c:\windows\System32\jureg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]

2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1753990348-677674000-2389129793-1000]

"EnableNotificationsRef"=dword:00000001

.

R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]

R1 ctredrv.sys;ctredrv.sys;c:\windows\system32\drivers\ctredrv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 DUMeterSvc;DU Meter Service; [x]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 136176]

R2 SPAMfighter Update Service;SPAMfighter Update Service; [x]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]

R3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\Hitman Pro\hitmanpro2.sys [x]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]

R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-03-09 800376]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110325.001\IDSvix86.sys [2010-11-09 353912]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]

S2 iprip;RIP-listener;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]

S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2008-06-06 202016]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-28 102448]

S3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2007-05-11 357376]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

ipripsvc REG_MULTI_SZ iprip

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 16:06]

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 16:06]

.

2011-03-29 c:\windows\Tasks\User_Feed_Synchronization-{522C3C04-2DFD-4007-AE2B-05A1BC1F3F9A}.job

- c:\windows\system32\msfeedssync.exe [2011-02-17 04:47]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/webhp?sourceid=navclient&hl=nl&ie=UTF-8&rlz=1T4HPEA_nlNL315NL315

mStart Page = hxxp://www.msn.com

uSearchAssistant = hxxp://www.google.com/ie

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{548F6736-8FE4-4680-82F2-170D6C07E1D2} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-29 17:21

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\windows\system32\DllHost.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmplayer.exe

.

**************************************************************************

.

Voltooingstijd: 2011-03-29 17:28:02 - machine werd herstart

ComboFix-quarantined-files.txt 2011-03-29 15:27

ComboFix2.txt 2011-03-25 15:12

ComboFix3.txt 2011-03-25 13:38

ComboFix4.txt 2011-03-20 21:25

.

Pre-Run: 96.887.750.656 bytes beschikbaar

Post-Run: 96.706.994.176 bytes beschikbaar

.

- - End Of File - - D459A6468C74F1C31D62F711554464BD

Edited by agie

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\DRIVERS\avgfwd6x.sys

c:\windows\system32\DRIVERS\avfsfilter.sys

c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe

c:\program files\Hitman Pro\hitmanpro2.sys

c:\program files\Application Updater\ApplicationUpdater.exe

c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

c:\windows\system32\DRIVERS\AVGIDSEH.Sys

c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

c:\windows\system32\DRIVERS\AVGIDSShim.Sys

Driver::

Avgfwfd

AVFSFilter

AVG Security Toolbar Service

hitmanpro2

Application Updater

AVGIDSDriver

AVGIDSEH

AVGIDSFilter

AVGIDSShim

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will restart ComboFix. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


You really do need a lot of patience!!!!

Was my PC really that badly infected?

Here is the log again:

ComboFix 11-03-28.05 - riekie 29-03-2011 22:04:22.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1015.336 [GMT 2:00]

Gestart vanuit: c:\users\riekie\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\riekie\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files\Application Updater\ApplicationUpdater.exe"

"c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe"

"c:\program files\Hitman Pro\hitmanpro2.sys"

"c:\windows\system32\DRIVERS\avfsfilter.sys"

"c:\windows\system32\DRIVERS\avgfwd6x.sys"

"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"

"c:\windows\system32\DRIVERS\AVGIDSEH.Sys"

"c:\windows\system32\DRIVERS\AVGIDSFilter.Sys"

"c:\windows\system32\DRIVERS\AVGIDSShim.Sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

.

----- BITS: Mogelijk geïnfecteerde sites -----

.

hxxp://au.download.windowsupdate.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AVFSFILTER

-------\Legacy_AVGFWFD

-------\Legacy_AVGIDSDRIVER

-------\Legacy_AVGIDSEH

-------\Legacy_AVGIDSFILTER

-------\Legacy_AVGIDSSHIM

-------\Legacy_HITMANPRO2

-------\Service_Application Updater

-------\Service_AVFSFilter

-------\Service_AVG Security Toolbar Service

-------\Service_Avgfwfd

-------\Service_AVGIDSDriver

-------\Service_AVGIDSEH

-------\Service_AVGIDSFilter

-------\Service_AVGIDSShim

-------\Service_hitmanpro2

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-28 to 2011-03-29 ))))))))))))))))))))))))))))))

.

.

2011-03-29 20:41 . 2011-03-29 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-27 22:20 . 2011-03-27 22:20 -------- d-----w- c:\users\riekie\AppData\Roaming\Tific

2011-03-27 22:20 . 2011-03-27 22:20 -------- d-----w- c:\users\riekie\AppData\Local\Symantec

2011-03-25 20:03 . 2011-03-25 20:03 -------- d-----w- c:\windows\CheckSur

2011-03-25 19:39 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-25 19:39 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-25 19:39 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-25 15:10 . 2011-03-25 15:10 -------- d-----w- C:\$RECYCLE(0).BIN

2011-03-22 16:00 . 2011-03-22 16:00 -------- d-----w- C:\$RECYCLE(2).BIN

2011-03-18 23:42 . 2011-03-18 23:52 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-03-18 23:42 . 2011-03-18 23:53 -------- d-----w- c:\program files\Symantec

2011-03-18 23:40 . 2011-03-19 15:03 -------- d-----w- c:\windows\system32\drivers\NAV

2011-03-18 23:40 . 2011-03-18 23:40 -------- d-----w- c:\program files\Norton AntiVirus

2011-03-18 23:40 . 2011-03-18 23:45 -------- d-----w- c:\programdata\Norton

2011-03-18 23:36 . 2011-03-18 23:36 -------- d-----w- c:\program files\NortonInstaller

2011-03-18 23:11 . 2011-03-18 23:11 -------- d-----w- c:\users\riekie\AppData\Roaming\Download Manager

2011-03-18 22:50 . 2011-03-18 22:50 -------- d-----w- c:\programdata\Preventon

2011-03-14 19:10 . 2011-03-14 19:10 388096 ----a-r- c:\users\riekie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-14 19:10 . 2011-03-24 22:38 -------- d-----w- c:\program files\Trend Micro

2011-03-09 15:47 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 15:47 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 15:47 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 15:47 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 15:46 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 15:46 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-08 15:17 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23AB8B9B-9C99-49DF-915C-003290BD8B4F}\mpengine.dll

2011-03-04 17:02 . 2011-03-04 17:02 -------- d-----w- c:\program files\Belastingdienst

2011-03-04 16:48 . 2011-03-04 16:48 -------- d-----w- c:\users\riekie\AppData\Local\FixItCenter

2011-03-04 16:43 . 2011-03-04 16:43 -------- d-----w- c:\windows\MATS

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-17 14:55 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-02 20:40 . 2010-04-28 17:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 16:11 . 2009-10-03 13:40 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:37 . 2011-02-17 15:35 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-17 15:35 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-17 15:35 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-17 15:35 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-17 15:35 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08 . 2011-02-17 15:35 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07 . 2011-02-17 15:35 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-17 15:35 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-17 15:35 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-17 15:35 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-17 15:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-17 15:35 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 16:04 . 2011-02-17 15:35 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 14:28 . 2011-02-17 15:35 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-17 15:35 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-17 15:35 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-17 15:35 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-17 15:35 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-17 15:35 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-17 15:35 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-17 15:35 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:14 . 2011-02-17 15:35 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:12 . 2011-02-17 15:35 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-17 15:35 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-17 15:35 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 08:47 . 2011-02-17 15:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28 . 2011-02-17 15:24 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57 . 2011-02-17 15:50 2039808 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-03-01 126976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]

backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-04-03 16:00 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeApp]

2011-01-02 11:30 814496 ----a-w- c:\program files\FreeApps\FreeApps.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2011-03-01 16:33 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-06-18 19:01 166424 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2007-05-24 11:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 13:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-06-18 19:01 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN]

2008-06-06 15:08 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater]

2010-12-22 14:49 1964928 ----a-w- c:\program files\KPN\KPN Update\KPNAssistentUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-06-18 19:01 133656 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]

2008-02-22 02:25 54672 ----a-w- c:\windows\System32\jureg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]

2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1753990348-677674000-2389129793-1000]

"EnableNotificationsRef"=dword:00000001

.

R1 ctredrv.sys;ctredrv.sys;c:\windows\system32\drivers\ctredrv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 DUMeterSvc;DU Meter Service; [x]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 136176]

R2 SPAMfighter Update Service;SPAMfighter Update Service; [x]

R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-03-09 800376]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110325.001\IDSvix86.sys [2010-11-09 353912]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]

S2 iprip;RIP-listener;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]

S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2008-06-06 202016]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-28 102448]

S3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2007-05-11 357376]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

ipripsvc REG_MULTI_SZ iprip

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 16:06]

.

2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 16:06]

.

2011-03-29 c:\windows\Tasks\User_Feed_Synchronization-{522C3C04-2DFD-4007-AE2B-05A1BC1F3F9A}.job

- c:\windows\system32\msfeedssync.exe [2011-02-17 04:47]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/webhp?sourceid=navclient&hl=nl&ie=UTF-8&rlz=1T4HPEA_nlNL315NL315

mStart Page = hxxp://www.msn.com

uSearchAssistant = hxxp://www.google.com/ie

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-29 22:51

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\windows\system32\DllHost.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmplayer.exe

.

**************************************************************************

.

Voltooingstijd: 2011-03-29 23:01:30 - machine werd herstart

ComboFix-quarantined-files.txt 2011-03-29 21:00

ComboFix2.txt 2011-03-29 15:28

ComboFix3.txt 2011-03-25 15:12

ComboFix4.txt 2011-03-25 13:38

ComboFix5.txt 2011-03-29 20:00

.

Pre-Run: 96.781.889.536 bytes beschikbaar

Post-Run: 96.524.673.024 bytes beschikbaar

.

- - End Of File - - AD5BDE13EE0746BA047C8C7C0D61A9D2


The speed really has improved quite a bit, but at the moment starting Google is somewhat slow.

But maybe this is just a snapshot of the moment!

Apart from that, starting up the PC still takes a very long time [definitely more than 5 min.]

That is still a nuisance to work with!


I have not had a reply over the past few days; should I take this to mean that the problem of the PC starting up stops here?

Should I perhaps post the question as a new discussion and, if so, under which category?

In any case I want to thank you all for the great help, and especially kape, who had a large part in it!


You could try defragmenting your hard disk.

To do this, go to Start, then Computer.

Click Computer.

Right-click your disk.

You get the "Properties for Local Disk" window.

There, go to the "Tools" tab.

Now choose Defragment.

Once that has been done, we can have a look at whether any unnecessary programs are starting up along with the PC.


This topic is now closed to new replies.
