csrss.exe problem


So far it has worked (I am switching the firewall etc. back on)

This is the log file

ComboFix 11-06-21.05 - venhorst 21-06-2011 22:59:41.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1264 [GMT 2:00]

Gestart vanuit: d:\venhorst\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\HyvesToolbar\Hyves Toolbar\tbHElper.dll

c:\windows\system32\8cb6910.log

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Parameters

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-21 to 2011-06-21 ))))))))))))))))))))))))))))))

.

.

2011-06-21 11:52 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-21 11:52 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2011-06-21 11:52 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-21 10:39 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E6E6FB-8667-44BF-8B35-DC1836065E3A}\mpengine.dll

2011-06-21 10:34 . 2011-06-21 10:35 -------- d-----w- c:\users\venhorst\AppData\Local\{E3CBE598-D317-48DA-9B23-23644673187F}

2011-06-20 17:54 . 2011-06-20 17:54 -------- d-----w- c:\program files\CCleaner

2011-06-20 17:47 . 2011-06-20 17:47 -------- d-----w- c:\users\venhorst\AppData\Roaming\Reviversoft

2011-06-20 17:47 . 2011-06-15 09:34 16704 ----a-w- c:\windows\system32\roboot.exe

2011-06-20 16:01 . 2011-06-20 16:01 388096 ----a-r- c:\users\venhorst\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-20 16:01 . 2011-06-20 16:01 -------- d-----w- c:\program files\Trend Micro

2011-06-20 14:36 . 2011-06-20 14:36 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-20 14:36 . 2011-06-20 14:36 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-20 14:36 . 2011-06-20 14:36 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2011-06-20 14:36 . 2011-06-20 14:36 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-20 14:36 . 2011-06-20 14:36 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-20 14:36 . 2011-06-20 14:36 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe

2011-06-20 14:36 . 2011-06-20 14:36 161792 ----a-w- c:\windows\system32\msls31.dll

2011-06-20 14:36 . 2011-06-20 14:36 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-06-20 14:36 . 2011-06-20 14:36 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe

2011-06-20 14:06 . 2011-06-20 14:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2011-06-20 13:36 . 2011-06-20 13:36 -------- d-----w- c:\users\venhorst\AppData\Local\{5FB75C1F-ECDE-4AF6-AB5A-4AE3AC5420A4}

2011-06-20 11:00 . 2011-06-20 11:00 -------- d-----w- c:\users\Mark\AppData\Local\{64B72EF3-6689-43FE-96EE-98ED7CF49A59}

2011-06-20 03:35 . 2011-06-20 03:35 -------- d-----w- c:\users\Mark\AppData\Local\{026AE78C-C4C7-4E5B-9EBE-14122040B0B1}

2011-06-19 14:32 . 2011-06-19 14:33 -------- d-----w- c:\users\venhorst\AppData\Local\{363610FF-745A-4632-AC92-1DF7D7D68F58}

2011-06-19 09:47 . 2011-06-19 09:47 -------- d-----w- c:\users\Mark\AppData\Local\{026509AF-8C35-466D-9AD1-011C91ECAABB}

2011-06-18 05:26 . 2011-06-18 05:26 -------- d-----w- c:\users\Mark\AppData\Local\{11CA78C0-0E42-484C-871C-9EB01503652F}

2011-06-17 16:59 . 2011-06-17 17:00 -------- d-----w- c:\users\venhorst\AppData\Local\{A568BFB2-2F3E-465B-B589-0ACA487A6374}

2011-06-17 08:05 . 2011-06-17 08:05 -------- d-----w- c:\users\Mark\AppData\Local\{18806BB1-B4F4-41C9-9018-EDE7503ECA78}

2011-06-16 10:35 . 2011-06-16 10:35 -------- d-----w- c:\users\Mark\AppData\Local\{1D02BF8A-9B72-46D1-81C8-24F4F1FFD60A}

2011-06-16 07:08 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 07:08 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 07:08 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 07:08 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 07:08 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 07:08 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 07:08 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 07:08 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 07:08 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 07:08 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-06-16 07:01 . 2011-06-16 07:01 -------- d-----w- c:\users\venhorst\AppData\Local\{EF72147A-8D59-4AA4-8613-B4D1F6DA43E4}

2011-06-15 11:35 . 2011-06-15 11:35 -------- d-----w- c:\users\venhorst\AppData\Local\{F09E289E-EE3B-4691-B296-55B3CAE9BC3E}

2011-06-15 09:02 . 2011-06-15 09:02 -------- d-----w- c:\users\Mark\AppData\Local\{245D401B-3E48-4137-9C8A-C51A0DA3509F}

2011-06-14 15:05 . 2011-06-14 15:05 -------- d-----w- c:\users\Mark\AppData\Local\{FE4CABB2-8D3E-45D2-8E7C-FB441FB3D932}

2011-06-14 03:04 . 2011-06-14 03:05 -------- d-----w- c:\users\Mark\AppData\Local\{30347CDA-899A-44CA-8FAB-4B336EE79735}

2011-06-13 17:28 . 2011-06-13 17:29 -------- d-----w- c:\users\venhorst\AppData\Local\{0EB245C0-9445-4871-B028-7E69787D3DAA}

2011-06-13 10:05 . 2011-06-13 10:05 -------- d-----w- c:\users\Mark\AppData\Local\{3EA682A2-0BE6-4F88-8EF4-201EE3AEFC66}

2011-06-12 07:21 . 2011-06-12 07:22 -------- d-----w- c:\users\Mark\AppData\Local\{0E9588C6-1C7A-4BF8-9A18-BA8DF02FC7CB}

2011-06-11 11:56 . 2011-06-11 11:56 -------- d-----w- c:\users\venhorst\AppData\Local\{4DF4A96E-EB41-4C79-A35F-70E97DB8496C}

2011-06-11 09:49 . 2011-06-11 09:49 -------- d-----w- c:\users\Mark\AppData\Local\{604C4886-79AC-4EE7-BAAF-CC5879C18FA3}

2011-06-10 04:34 . 2011-06-10 04:34 -------- d-----w- c:\users\Mark\AppData\Local\{53395A9B-918B-4313-8F2C-9CD71BEF64F0}

2011-06-09 18:48 . 2011-06-09 18:48 -------- d-----w- c:\users\venhorst\AppData\Local\{4E73AD9B-1A7E-4DA5-9100-AC83F80D2F84}

2011-06-09 08:02 . 2011-06-09 08:02 -------- d-----w- c:\users\Mark\AppData\Local\{D6C33819-69A4-45F8-85DA-A1AE438F3ECF}

2011-06-08 07:48 . 2011-06-08 07:49 -------- d-----w- c:\users\Mark\AppData\Local\{99F911CC-645E-4BB7-8A16-5CA5061877A5}

2011-06-07 17:37 . 2011-06-07 17:37 -------- d-----w- c:\users\venhorst\AppData\Local\{7D57CF8E-1125-479F-BCAE-2947CA708D6B}

2011-06-07 07:36 . 2011-06-07 07:36 -------- d-----w- c:\users\Mark\AppData\Local\{54724B90-CEE4-4143-958C-170236BCB9D6}

2011-06-06 16:34 . 2011-06-06 16:34 -------- d-----w- c:\users\Mark\AppData\Local\{CDB6DCA2-4D84-4231-8284-08A17CBC7252}

2011-06-06 04:33 . 2011-06-06 04:33 -------- d-----w- c:\users\Mark\AppData\Local\{2FBEFC7A-C47D-4824-96F0-6076562A8F3F}

2011-06-05 19:42 . 2011-06-05 19:43 -------- d-----w- c:\users\venhorst\AppData\Local\{0086579A-385C-430E-A563-5C1F64723560}

2011-06-05 10:05 . 2011-06-05 10:05 -------- d-----w- c:\users\Mark\AppData\Local\{4AD136E0-6B35-48BF-AEBD-7D8AAA972ECA}

2011-06-04 16:45 . 2011-06-04 16:46 -------- d-----w- c:\users\Mark\AppData\Local\{09766101-14F3-4275-B166-17358FC2DE83}

2011-06-04 04:44 . 2011-06-04 04:45 -------- d-----w- c:\users\Mark\AppData\Local\{C461E486-0985-4E64-A0DA-E1FE672691C0}

2011-06-03 08:10 . 2011-06-03 08:10 -------- d-----w- c:\users\Mark\AppData\Local\{DB809130-211F-4283-A522-DF15FC7C6DF5}

2011-06-02 10:08 . 2011-06-02 10:08 -------- d-----w- c:\users\Mark\AppData\Local\{448A1939-F9AB-4E4B-817A-C49DA4C856AB}

2011-06-02 10:01 . 2011-06-02 10:01 -------- d-----w- c:\users\venhorst\AppData\Local\{C3A97BB0-913A-4720-B076-5A0DA3253336}

2011-06-01 20:23 . 2011-06-01 20:24 -------- d-----w- c:\users\venhorst\AppData\Local\{04672E2C-13F9-4CFC-A6AD-2F2310BAB02E}

2011-06-01 09:13 . 2011-06-01 09:13 -------- d-----w- c:\users\Mark\AppData\Local\{0F6AEB5B-1DF7-47FA-A2E8-895D0D9A742F}

2011-05-31 10:41 . 2011-05-31 10:41 -------- d-----w- c:\users\Mark\AppData\Local\{75D8AD08-D2A3-46C4-A323-B3B2A3B94F9C}

2011-05-30 15:13 . 2011-05-30 15:14 -------- d-----w- c:\users\Mark\AppData\Local\{718149D3-068B-46A6-B16C-71763384E652}

2011-05-30 03:12 . 2011-05-30 03:13 -------- d-----w- c:\users\Mark\AppData\Local\{6A8A8214-C911-4377-B8E9-68B7A3ED1E33}

2011-05-29 18:58 . 2011-05-29 18:59 -------- d-----w- c:\users\venhorst\AppData\Local\{6425ADD2-1B1C-4C42-99E0-2323BF370011}

2011-05-29 10:12 . 2011-05-29 10:12 -------- d-----w- c:\users\Mark\AppData\Local\{E01F0E56-9761-4A71-AF13-AC204B05B352}

2011-05-28 08:12 . 2011-05-28 08:13 -------- d-----w- c:\users\Mark\AppData\Local\{3CFEAB6E-3F93-4701-81F8-3BF03AA21471}

2011-05-27 08:32 . 2011-05-27 08:32 -------- d-----w- c:\users\Mark\AppData\Local\{08053603-350D-43E2-AD2E-A21C90C09E0B}

2011-05-26 19:08 . 2011-05-26 19:08 -------- d-----w- c:\users\venhorst\AppData\Local\{528309E5-52D5-4FBD-9A44-1F833B708E6C}

2011-05-26 10:31 . 2011-05-26 10:31 -------- d-----w- c:\users\Mark\AppData\Local\{892C38AD-8066-4990-B4DB-BECFC459B418}

2011-05-25 13:11 . 2011-05-25 13:11 -------- d-----w- c:\users\Mark\AppData\Local\{486212BC-1503-416C-A103-5587BF0029D6}

2011-05-24 09:01 . 2011-05-24 09:01 -------- d-----w- c:\users\Mark\AppData\Local\{B5A39BFF-A4D1-42AC-8C11-1BE49746A571}

2011-05-23 18:55 . 2011-05-23 18:55 -------- d-----w- c:\users\Mark\AppData\Local\{EAA262B5-0869-408F-9B6A-82D2AF395185}

2011-05-23 11:59 . 2011-05-23 11:59 -------- d-----w- c:\users\venhorst\AppData\Local\{4653FD4E-2694-4A5E-BEFB-CFB6201F6390}

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 07:11 . 2011-03-19 04:08 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 07:11 . 2011-03-19 04:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-24 17:14 . 2009-10-03 08:00 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-17 15:04 . 2011-05-17 15:04 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-18 18:03 . 2011-03-23 15:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-03 90112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-03 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13515296]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-22 77824]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

c:\users\venhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

setup_9.0.0.722_18.03.2011_10-06[1].lnk - d:\venhorst\Desktop\Virus Removal Tool\setup_9.0.0.722_18.03.2011_10-06[1]\startup.exe [2011-3-18 72208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2008-11-20 09:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]

2007-03-01 06:01 180736 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

2008-04-10 13:14 1107848 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 13:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-10-22 11:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-12-05 03:31 4710400 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]

2009-01-28 11:07 325768 ----a-w- c:\program files\SPAMfighter\SFAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2824765490-2991581602-2276664270-1001]

"EnableNotificationsRef"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]

R3 FXDrv32;FXDrv32;F:\FXDrv32.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-28 184968]

S0 69891592;69891592 Boot Guard Driver;c:\windows\system32\DRIVERS\69891592.sys [2009-10-22 37392]

S1 69891591;69891591;c:\windows\system32\DRIVERS\69891591.sys [2009-09-25 128016]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - FSUSBEXDISK

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 13:03]

.

2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 13:03]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyServer = proxy.arnhem.chello.nl:80

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

FF - ProfilePath -

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{AB8DC1E0-22BE-4181-B77E-02C495E031F8} - c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

HKLM-Run-NPSStartup - (no file)

MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

MSConfigStartUp-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-21 23:09

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2824765490-2991581602-2276664270-1000\Software\SecuROM\License information*]

"datasecu"=hex:d9,79,5d,ef,9e,5d,f1,a5,8b,3c,bb,81,23,24,cc,2f,67,95,e4,0e,04,

d0,cf,33,7d,a4,4d,72,e2,d4,02,29,d5,a1,53,10,d3,c4,c5,50,69,8c,4d,bb,5f,6e,\

"rkeysecu"=hex:28,64,c1,a7,73,4b,fa,73,eb,8f,6e,9b,28,f5,1b,35

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-21 23:13:26 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-21 21:13

.

Pre-Run: 1.134.051.328 bytes beschikbaar

Post-Run: 1.986.080.768 bytes beschikbaar

.

- - End Of File - - CFFDA7D6D1CDBBA33693FA0DD0EAE751

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::c:\users\venhorst\AppData\Local\{5FB75C1F-ECDE-4AF6-AB5A-4AE3AC5420A4}

c:\users\Mark\AppData\Local\{64B72EF3-6689-43FE-96EE-98ED7CF49A59}

c:\users\Mark\AppData\Local\{026AE78C-C4C7-4E5B-9EBE-14122040B0B1}

c:\users\venhorst\AppData\Local\{363610FF-745A-4632-AC92-1DF7D7D68F58}

c:\users\Mark\AppData\Local\{026509AF-8C35-466D-9AD1-011C91ECAABB}

c:\users\Mark\AppData\Local\{11CA78C0-0E42-484C-871C-9EB01503652F}

c:\users\venhorst\AppData\Local\{A568BFB2-2F3E-465B-B589-0ACA487A6374}

c:\users\Mark\AppData\Local\{18806BB1-B4F4-41C9-9018-EDE7503ECA78}

c:\users\Mark\AppData\Local\{1D02BF8A-9B72-46D1-81C8-24F4F1FFD60A}

c:\users\venhorst\AppData\Local\{EF72147A-8D59-4AA4-8613-B4D1F6DA43E4}

c:\users\venhorst\AppData\Local\{F09E289E-EE3B-4691-B296-55B3CAE9BC3E}

c:\users\Mark\AppData\Local\{245D401B-3E48-4137-9C8A-C51A0DA3509F}

c:\users\Mark\AppData\Local\{FE4CABB2-8D3E-45D2-8E7C-FB441FB3D932}

c:\users\Mark\AppData\Local\{30347CDA-899A-44CA-8FAB-4B336EE79735}

c:\users\venhorst\AppData\Local\{0EB245C0-9445-4871-B028-7E69787D3DAA}

c:\users\Mark\AppData\Local\{3EA682A2-0BE6-4F88-8EF4-201EE3AEFC66}

c:\users\Mark\AppData\Local\{0E9588C6-1C7A-4BF8-9A18-BA8DF02FC7CB}

c:\users\venhorst\AppData\Local\{4DF4A96E-EB41-4C79-A35F-70E97DB8496C}

c:\users\Mark\AppData\Local\{604C4886-79AC-4EE7-BAAF-CC5879C18FA3}

c:\users\Mark\AppData\Local\{53395A9B-918B-4313-8F2C-9CD71BEF64F0}

c:\users\venhorst\AppData\Local\{4E73AD9B-1A7E-4DA5-9100-AC83F80D2F84}

c:\users\Mark\AppData\Local\{D6C33819-69A4-45F8-85DA-A1AE438F3ECF}

c:\users\Mark\AppData\Local\{99F911CC-645E-4BB7-8A16-5CA5061877A5}

c:\users\venhorst\AppData\Local\{7D57CF8E-1125-479F-BCAE-2947CA708D6B}

c:\users\Mark\AppData\Local\{54724B90-CEE4-4143-958C-170236BCB9D6}

c:\users\Mark\AppData\Local\{CDB6DCA2-4D84-4231-8284-08A17CBC7252}

c:\users\Mark\AppData\Local\{2FBEFC7A-C47D-4824-96F0-6076562A8F3F}

c:\users\venhorst\AppData\Local\{0086579A-385C-430E-A563-5C1F64723560}

c:\users\Mark\AppData\Local\{4AD136E0-6B35-48BF-AEBD-7D8AAA972ECA}

c:\users\Mark\AppData\Local\{09766101-14F3-4275-B166-17358FC2DE83}

c:\users\Mark\AppData\Local\{C461E486-0985-4E64-A0DA-E1FE672691C0}

c:\users\Mark\AppData\Local\{DB809130-211F-4283-A522-DF15FC7C6DF5}

c:\users\Mark\AppData\Local\{448A1939-F9AB-4E4B-817A-C49DA4C856AB}

c:\users\venhorst\AppData\Local\{C3A97BB0-913A-4720-B076-5A0DA3253336}

c:\users\venhorst\AppData\Local\{04672E2C-13F9-4CFC-A6AD-2F2310BAB02E}

c:\users\Mark\AppData\Local\{0F6AEB5B-1DF7-47FA-A2E8-895D0D9A742F}

c:\users\Mark\AppData\Local\{75D8AD08-D2A3-46C4-A323-B3B2A3B94F9C}

c:\users\Mark\AppData\Local\{718149D3-068B-46A6-B16C-71763384E652}

c:\users\Mark\AppData\Local\{6A8A8214-C911-4377-B8E9-68B7A3ED1E33}

c:\users\venhorst\AppData\Local\{6425ADD2-1B1C-4C42-99E0-2323BF370011}

c:\users\Mark\AppData\Local\{E01F0E56-9761-4A71-AF13-AC204B05B352}

c:\users\Mark\AppData\Local\{3CFEAB6E-3F93-4701-81F8-3BF03AA21471}

c:\users\Mark\AppData\Local\{08053603-350D-43E2-AD2E-A21C90C09E0B}

c:\users\venhorst\AppData\Local\{528309E5-52D5-4FBD-9A44-1F833B708E6C}

c:\users\Mark\AppData\Local\{892C38AD-8066-4990-B4DB-BECFC459B418}

c:\users\Mark\AppData\Local\{486212BC-1503-416C-A103-5587BF0029D6}

c:\users\Mark\AppData\Local\{B5A39BFF-A4D1-42AC-8C11-1BE49746A571}

c:\users\Mark\AppData\Local\{EAA262B5-0869-408F-9B6A-82D2AF395185}

c:\users\venhorst\AppData\Local\{4653FD4E-2694-4A5E-BEFB-CFB6201F6390}

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, and let us know whether there are still any noticeable problems.

ComboFix 11-06-21.08 - venhorst 22-06-2011 12:44:23.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1271 [GMT 2:00]

Gestart vanuit: d:\venhorst\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\venhorst\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mark\AppData\Local\{026509AF-8C35-466D-9AD1-011C91ECAABB}

c:\users\Mark\AppData\Local\{026AE78C-C4C7-4E5B-9EBE-14122040B0B1}

c:\users\Mark\AppData\Local\{08053603-350D-43E2-AD2E-A21C90C09E0B}

c:\users\Mark\AppData\Local\{09766101-14F3-4275-B166-17358FC2DE83}

c:\users\Mark\AppData\Local\{0E9588C6-1C7A-4BF8-9A18-BA8DF02FC7CB}

c:\users\Mark\AppData\Local\{0F6AEB5B-1DF7-47FA-A2E8-895D0D9A742F}

c:\users\Mark\AppData\Local\{11CA78C0-0E42-484C-871C-9EB01503652F}

c:\users\Mark\AppData\Local\{18806BB1-B4F4-41C9-9018-EDE7503ECA78}

c:\users\Mark\AppData\Local\{1D02BF8A-9B72-46D1-81C8-24F4F1FFD60A}

c:\users\Mark\AppData\Local\{245D401B-3E48-4137-9C8A-C51A0DA3509F}

c:\users\Mark\AppData\Local\{2FBEFC7A-C47D-4824-96F0-6076562A8F3F}

c:\users\Mark\AppData\Local\{30347CDA-899A-44CA-8FAB-4B336EE79735}

c:\users\Mark\AppData\Local\{3CFEAB6E-3F93-4701-81F8-3BF03AA21471}

c:\users\Mark\AppData\Local\{3EA682A2-0BE6-4F88-8EF4-201EE3AEFC66}

c:\users\Mark\AppData\Local\{448A1939-F9AB-4E4B-817A-C49DA4C856AB}

c:\users\Mark\AppData\Local\{486212BC-1503-416C-A103-5587BF0029D6}

c:\users\Mark\AppData\Local\{4AD136E0-6B35-48BF-AEBD-7D8AAA972ECA}

c:\users\Mark\AppData\Local\{53395A9B-918B-4313-8F2C-9CD71BEF64F0}

c:\users\Mark\AppData\Local\{54724B90-CEE4-4143-958C-170236BCB9D6}

c:\users\Mark\AppData\Local\{604C4886-79AC-4EE7-BAAF-CC5879C18FA3}

c:\users\Mark\AppData\Local\{64B72EF3-6689-43FE-96EE-98ED7CF49A59}

c:\users\Mark\AppData\Local\{6A8A8214-C911-4377-B8E9-68B7A3ED1E33}

c:\users\Mark\AppData\Local\{718149D3-068B-46A6-B16C-71763384E652}

c:\users\Mark\AppData\Local\{75D8AD08-D2A3-46C4-A323-B3B2A3B94F9C}

c:\users\Mark\AppData\Local\{892C38AD-8066-4990-B4DB-BECFC459B418}

c:\users\Mark\AppData\Local\{99F911CC-645E-4BB7-8A16-5CA5061877A5}

c:\users\Mark\AppData\Local\{B5A39BFF-A4D1-42AC-8C11-1BE49746A571}

c:\users\Mark\AppData\Local\{C461E486-0985-4E64-A0DA-E1FE672691C0}

c:\users\Mark\AppData\Local\{CDB6DCA2-4D84-4231-8284-08A17CBC7252}

c:\users\Mark\AppData\Local\{D6C33819-69A4-45F8-85DA-A1AE438F3ECF}

c:\users\Mark\AppData\Local\{DB809130-211F-4283-A522-DF15FC7C6DF5}

c:\users\Mark\AppData\Local\{E01F0E56-9761-4A71-AF13-AC204B05B352}

c:\users\Mark\AppData\Local\{EAA262B5-0869-408F-9B6A-82D2AF395185}

c:\users\Mark\AppData\Local\{FE4CABB2-8D3E-45D2-8E7C-FB441FB3D932}

c:\users\venhorst\AppData\Local\{0086579A-385C-430E-A563-5C1F64723560}

c:\users\venhorst\AppData\Local\{04672E2C-13F9-4CFC-A6AD-2F2310BAB02E}

c:\users\venhorst\AppData\Local\{0EB245C0-9445-4871-B028-7E69787D3DAA}

c:\users\venhorst\AppData\Local\{363610FF-745A-4632-AC92-1DF7D7D68F58}

c:\users\venhorst\AppData\Local\{4653FD4E-2694-4A5E-BEFB-CFB6201F6390}

c:\users\venhorst\AppData\Local\{4DF4A96E-EB41-4C79-A35F-70E97DB8496C}

c:\users\venhorst\AppData\Local\{4E73AD9B-1A7E-4DA5-9100-AC83F80D2F84}

c:\users\venhorst\AppData\Local\{528309E5-52D5-4FBD-9A44-1F833B708E6C}

c:\users\venhorst\AppData\Local\{6425ADD2-1B1C-4C42-99E0-2323BF370011}

c:\users\venhorst\AppData\Local\{7D57CF8E-1125-479F-BCAE-2947CA708D6B}

c:\users\venhorst\AppData\Local\{A568BFB2-2F3E-465B-B589-0ACA487A6374}

c:\users\venhorst\AppData\Local\{C3A97BB0-913A-4720-B076-5A0DA3253336}

c:\users\venhorst\AppData\Local\{EF72147A-8D59-4AA4-8613-B4D1F6DA43E4}

c:\users\venhorst\AppData\Local\{F09E289E-EE3B-4691-B296-55B3CAE9BC3E}

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Parameters

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-22 to 2011-06-22 ))))))))))))))))))))))))))))))

.

.

2011-06-22 10:50 . 2011-06-22 10:51 -------- d-----w- c:\users\venhorst\AppData\Local\temp

2011-06-22 10:50 . 2011-06-22 10:50 -------- d-----w- c:\users\Mark\AppData\Local\temp

2011-06-22 10:50 . 2011-06-22 10:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-22 10:38 . 2011-06-22 10:42 -------- d-----w- C:\32788R22FWJFW

2011-06-22 05:45 . 2011-06-22 05:45 -------- d-----w- c:\users\venhorst\AppData\Local\{981D65E7-ADC5-4798-A3C5-84A52AE6B675}

2011-06-21 11:52 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-21 11:52 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2011-06-21 11:52 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-21 10:39 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E6E6FB-8667-44BF-8B35-DC1836065E3A}\mpengine.dll

2011-06-21 10:34 . 2011-06-21 10:35 -------- d-----w- c:\users\venhorst\AppData\Local\{E3CBE598-D317-48DA-9B23-23644673187F}

2011-06-20 17:54 . 2011-06-20 17:54 -------- d-----w- c:\program files\CCleaner

2011-06-20 17:47 . 2011-06-20 17:47 -------- d-----w- c:\users\venhorst\AppData\Roaming\Reviversoft

2011-06-20 17:47 . 2011-06-15 09:34 16704 ----a-w- c:\windows\system32\roboot.exe

2011-06-20 16:01 . 2011-06-20 16:01 388096 ----a-r- c:\users\venhorst\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-20 16:01 . 2011-06-20 16:01 -------- d-----w- c:\program files\Trend Micro

2011-06-20 14:36 . 2011-06-20 14:36 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-20 14:36 . 2011-06-20 14:36 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-20 14:36 . 2011-06-20 14:36 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2011-06-20 14:36 . 2011-06-20 14:36 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-20 14:36 . 2011-06-20 14:36 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-20 14:36 . 2011-06-20 14:36 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe

2011-06-20 14:36 . 2011-06-20 14:36 161792 ----a-w- c:\windows\system32\msls31.dll

2011-06-20 14:36 . 2011-06-20 14:36 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-06-20 14:36 . 2011-06-20 14:36 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe

2011-06-20 14:06 . 2011-06-20 14:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2011-06-20 13:36 . 2011-06-20 13:36 -------- d-----w- c:\users\venhorst\AppData\Local\{5FB75C1F-ECDE-4AF6-AB5A-4AE3AC5420A4}

2011-06-16 07:08 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 07:08 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 07:08 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 07:08 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 07:08 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 07:08 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 07:08 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 07:08 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 07:08 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 07:08 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 07:11 . 2011-03-19 04:08 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 07:11 . 2011-03-19 04:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-24 17:14 . 2009-10-03 08:00 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-17 15:04 . 2011-05-17 15:04 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-18 18:03 . 2011-03-23 15:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-03 90112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-03 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13515296]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-22 77824]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

c:\users\venhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

setup_9.0.0.722_18.03.2011_10-06[1].lnk - d:\venhorst\Desktop\Virus Removal Tool\setup_9.0.0.722_18.03.2011_10-06[1]\startup.exe [2011-3-18 72208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2008-11-20 09:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]

2007-03-01 06:01 180736 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

2008-04-10 13:14 1107848 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 13:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-10-22 11:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-12-05 03:31 4710400 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]

2009-01-28 11:07 325768 ----a-w- c:\program files\SPAMfighter\SFAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2824765490-2991581602-2276664270-1001]

"EnableNotificationsRef"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]

R3 FXDrv32;FXDrv32;F:\FXDrv32.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-28 184968]

S0 69891592;69891592 Boot Guard Driver;c:\windows\system32\DRIVERS\69891592.sys [2009-10-22 37392]

S1 69891591;69891591;c:\windows\system32\DRIVERS\69891591.sys [2009-09-25 128016]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 13:03]

.

2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 13:03]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyServer = proxy.arnhem.chello.nl:80

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

FF - ProfilePath -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-22 12:51

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2824765490-2991581602-2276664270-1000\Software\SecuROM\License information*]

"datasecu"=hex:d9,79,5d,ef,9e,5d,f1,a5,8b,3c,bb,81,23,24,cc,2f,67,95,e4,0e,04,

d0,cf,33,7d,a4,4d,72,e2,d4,02,29,d5,a1,53,10,d3,c4,c5,50,69,8c,4d,bb,5f,6e,\

"rkeysecu"=hex:28,64,c1,a7,73,4b,fa,73,eb,8f,6e,9b,28,f5,1b,35

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-22 12:56:33 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-22 10:56

ComboFix2.txt 2011-06-21 21:13

.

Pre-Run: 2.023.362.560 bytes beschikbaar

Post-Run: 1.975.668.736 bytes beschikbaar

.

- - End Of File - - D46A59B1BAB6FF1E158A05D9B62C886A

Done what you said.

Unfortunately I have to report that the problem still occurs.

I do see that there are 3 new items on the C drive:

$RECYCLE.BIN

32788R22fwjfw

Qoobox

(the first 2 are empty)

The Qoobox contains a few files, such as:

folder: backEnv

folder: quarantine

txt: add-remove programs

txt: cfscript_user-2011-22-12.44.06

txt: combofix2

txt: combofix2-quarantined-files

dat: snapshot@2011-06-22_10.51.51.dat


Those files are part of using ComboFix and we can clean them up later.

In the meantime, please scan the following file (shown in bold) d:\venhorst\Desktop\Virus Removal Tool\setup_9.0.0.722_18.03.2011_10-06[1]\startup.exe at Jotti and post the result here.


Jotti's malware scan

File name: startup.exe
Status: Scan finished. 0 out of 20 scanners found malware.
Scan taken on: Thu 23 Jun 2011 11:40:12 (CET)

Additional information

File size: 72208 bytes
File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 64fc2310ec8dee43cd01ca610d4ebc24
SHA1: 4d52ed5bab05d0f6cd646db1167b6ebb2688ec1a

Scanners

arcavir 2011-06-23 Nothing found
f-secure 2011-06-23 Nothing found
avast! 2011-06-23 Nothing found
g data 2011-06-23 Nothing found
avg 2011-06-23 Nothing found
ikarus 2011-06-23 Nothing found
antivir 2011-06-23 Nothing found
kaspersky 2011-06-23 Nothing found
bitdefender 2011-06-23 Nothing found
nod 32 2011-06-23 Nothing found
clam av 2011-06-23 Nothing found
panda 2011-06-22 Nothing found
cp secure 2011-06-23 Nothing found
quick heal 2011-06-23 Nothing found
dr. web 2011-06-23 Nothing found
sophos 2011-06-23 Nothing found
emsisoft 2011-06-23 Nothing found
vba32 2011-06-22 Nothing found
f.prot 2011-06-22 Nothing found
virusbuster 2011-06-22 Nothing found


OK, then.

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the C:\Qoobox folder manually.

Download CCleaner.

Click “Download Latest Version” and the CCleaner download will start automatically, free of charge.

Install it and start CCleaner. In the left column, click “Cleaner”. Click “Analyze” and then “Clean”. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, in the left column, click “Registry” and then “Scan for issues”. If errors are found, click “Fix selected issues” and “OK”. You will then be asked whether to make a backup. Click “YES”. Then choose “Fix all selected issues”. After that, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.


When I enter that in Run, ComboFix just starts up again (there are none of the typical removal prompts such as "are you sure you want to uninstall?"). I also can't find an uninstall link on the PC.

So ComboFix is still on it.

I do already have CCleaner installed.


I entered the name with capital letters and spaces and all; it just starts scanning again, and after the report it is still on there.

Could I perhaps just continue with CCleaner and leave ComboFix on there anyway?

---------- Post added at 18:15 ---------- Previous post was at 18:07 ----------

It's me again,

So I still have ComboFix on the PC.

But I did let CCleaner scan 5 times (2 times it reported errors).

When I start my own account again, unfortunately I still get the same message.

It is also still the case that when I want to start MSN/Explorer or anything else, it asks/looks for a file so that it can be opened.

(What a hassle, such a virus.)
