Ga naar inhoud

Computer is erg sloom na het inlog scherm

WINhans

Door WINhans
in Archief Windows Algemeen

 Delen

Aanbevolen berichten

kweezie wabbit Grootmeester

kweezie wabbit

Geplaatst:
Geplaatst:

Dit logje is OK nu.

Volgende controle.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

  • Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
    Klik hier
    Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.
  • Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.
  • ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.
    **Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.
  • Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Indien je problemen hebt bij het uitvoeren van ComboFix, gelieve dit te melden.

Link naar reactie
Delen op andere sites
WINhans Leerling

WINhans

Geplaatst:
  • Auteur
Geplaatst:

Log:

ComboFix 11-10-20.05 - Hans 20-10-2011 17:49:45.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1198 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Hans\Bureaublad\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\DFR4.tmp

C:\DFR41.tmp

C:\DFR42.tmp

C:\DFR453.tmp

C:\DFR6.tmp

c:\documents and settings\Hans\Application Data\Local

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\(2).ddr

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\(3).ddr

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\(4).ddr

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\.ddr

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\1.ddi

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\4.ddi

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\5.ddi

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\6.ddi

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\settings.ddi

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\documents and settings\Hans\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp

c:\windows\system32\d3d9caps.dat

c:\windows\system32\Thumbs.db

c:\windows\system32\wl.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-20 to 2011-10-20 ))))))))))))))))))))))))))))))

.

.

2011-10-19 15:48 . 2011-10-19 15:48 -------- d-----w- c:\documents and settings\Hans\Application Data\Malwarebytes

2011-10-19 15:48 . 2011-10-19 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-19 15:48 . 2011-10-19 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-19 15:48 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-19 13:56 . 2011-10-19 13:56 388096 ----a-r- c:\documents and settings\Hans\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-19 13:56 . 2011-10-19 13:56 -------- d-----w- c:\program files\Trend Micro

2011-10-18 12:55 . 2011-10-18 13:01 -------- d-----w- c:\documents and settings\Administrator

2011-10-01 17:38 . 2011-10-01 17:38 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-10-01 17:38 . 2011-10-01 17:38 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2008-04-15 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2008-04-15 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 14:09 . 2008-04-15 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:41 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:41 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:41 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:58 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2008-04-15 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2010-10-01 07:11 . 2010-12-29 16:14 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe

2010-07-25 10:58 . 2010-07-25 10:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-25 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2005-3-8 146944]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GamersFirst LIVE!.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\GamersFirst LIVE!.lnk

backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Hans^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\documents and settings\Hans\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-12-14 16:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]

2009-12-30 23:25 1208832 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-07-25 10:58 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-11-05 14:23 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-04-18 15:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-10-14 16:51 1242448 ----a-w- c:\program files\Steam\steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-06-25 13:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wscsvc"=2 (0x2)

"FileZilla Server"=2 (0x2)

"TeamViewer5"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=2 (0x2)

"gupdate"=2 (0x2)

"GoogleDesktopManager-051210-111108"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"TeamViewer6"=2 (0x2)

"SwitchBoard"=3 (0x3)

"rpcapd"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"nSvcIp"=2 (0x2)

"MyWebSearchService"=2 (0x2)

"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)

"CrossLoopService"=2 (0x2)

"tvnserver"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"gupdatem"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Documents and Settings\\Hans\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

"c:\\Documents and Settings\\Hans\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57716:TCP"= 57716:TCP:Pando Media Booster

"57716:UDP"= 57716:UDP:Pando Media Booster

"57576:TCP"= 57576:TCP:Pando Media Booster

"57576:UDP"= 57576:UDP:Pando Media Booster

"5910:TCP"= 5910:TCP:vnc5910

"1034:TCP"= 1034:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [24-6-2010 18:50 106904]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15-4-2008 14:00 14336]

R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [24-6-2010 18:50 567464]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24-6-2010 18:50 136360]

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [22-2-2007 11:28 30864]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-10-2011 17:48 366152]

R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24-6-2010 14:46 28256]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [24-6-2010 18:50 82952]

R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\drivers\LGPBTDD.sys [16-7-2011 17:36 23432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-10-2011 17:48 22216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [28-3-2009 20:00 31392]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [28-3-2009 19:59 238080]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]

S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24-6-2010 14:46 28256]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [14-7-2009 15:35 19720]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [16-7-2011 19:16 14856]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10-5-2010 11:44 22328]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10-5-2010 11:44 25912]

S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10-5-2010 11:44 16696]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25-1-2007 19:31 42000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504]

S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]

S4 CrossLoopService;CrossLoop Service;c:\documents and settings\Hans\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [26-12-2010 15:06 560848]

S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25-6-2010 15:18 30192]

S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25-6-2010 15:19 136176]

S4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25-6-2010 15:19 136176]

S4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-2-2010 13:37 517096]

S4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [28-6-2010 9:20 173352]

S4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [30-11-2010 19:08 2222376]

S4 tvnserver;TightVNC Server;c:\documents and settings\Hans\Local Settings\Application Data\CrossLoop\tvnserver.exe [26-12-2010 15:06 814080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-HANS-869825C078-Hans.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-08 02:44]

.

2011-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-10-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-25 15:45]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 13:19]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 13:19]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvLsp.dll

Trusted Zone: com\www.msi

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Hans\Application Data\Mozilla\Firefox\Profiles\pzxua3dh.default\

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - hxxp://www.buzqo.com/?cfg=2-401-0-2JLsY

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)

MSConfigStartUp-Form1 - c:\documents and settings\Hans\Mijn documenten\Downloads\server.exe

MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-20 17:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1976)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(2032)

c:\windows\system32\nvLsp.dll

.

- - - - - - - > 'explorer.exe'(3144)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Google\Update\1.3.21.69\GoogleCrashHandler.exe

c:\program files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe

c:\program files\MicroStar\WLANUtility\WLAN_Service.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2011-10-20 18:01:07 - machine werd herstart

ComboFix-quarantined-files.txt 2011-10-20 16:00

.

Pre-Run: 45.025.345.536 bytes beschikbaar

Post-Run: 45.725.106.176 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - EA5E3EC23008E54FEC0E186618F5A3DA

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox::

FF - ProfilePath - c:\documents and settings\Hans\Application Data\Mozilla\Firefox\Profiles\pzxua3dh.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites
WINhans Leerling

WINhans

Geplaatst:
  • Auteur
Geplaatst:

Ik weet niet zeker of ik het goed heb gedaan

log:

ComboFix 11-10-20.05 - Hans 20-10-2011 19:07:20.2.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1392 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Hans\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Hans\Bureaublad\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-20 to 2011-10-20 ))))))))))))))))))))))))))))))

.

.

2011-10-19 15:48 . 2011-10-19 15:48 -------- d-----w- c:\documents and settings\Hans\Application Data\Malwarebytes

2011-10-19 15:48 . 2011-10-19 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-19 15:48 . 2011-10-19 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-19 15:48 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-19 13:56 . 2011-10-19 13:56 388096 ----a-r- c:\documents and settings\Hans\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-19 13:56 . 2011-10-19 13:56 -------- d-----w- c:\program files\Trend Micro

2011-10-18 12:55 . 2011-10-18 13:01 -------- d-----w- c:\documents and settings\Administrator

2011-10-01 17:38 . 2011-10-01 17:38 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-10-01 17:38 . 2011-10-01 17:38 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2008-04-15 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2008-04-15 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 14:09 . 2008-04-15 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:41 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:41 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:41 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:58 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2008-04-15 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2010-10-01 07:11 . 2010-12-29 16:14 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe

2010-07-25 10:58 . 2010-07-25 10:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-25 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2005-3-8 146944]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GamersFirst LIVE!.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\GamersFirst LIVE!.lnk

backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Hans^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\documents and settings\Hans\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-12-14 16:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]

2009-12-30 23:25 1208832 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-07-25 10:58 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-11-05 14:23 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-04-18 15:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-10-14 16:51 1242448 ----a-w- c:\program files\Steam\steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-06-25 13:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wscsvc"=2 (0x2)

"FileZilla Server"=2 (0x2)

"TeamViewer5"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=2 (0x2)

"gupdate"=2 (0x2)

"GoogleDesktopManager-051210-111108"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"TeamViewer6"=2 (0x2)

"SwitchBoard"=3 (0x3)

"rpcapd"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"nSvcIp"=2 (0x2)

"MyWebSearchService"=2 (0x2)

"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)

"CrossLoopService"=2 (0x2)

"tvnserver"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"gupdatem"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Documents and Settings\\Hans\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

"c:\\Documents and Settings\\Hans\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57716:TCP"= 57716:TCP:Pando Media Booster

"57716:UDP"= 57716:UDP:Pando Media Booster

"57576:TCP"= 57576:TCP:Pando Media Booster

"57576:UDP"= 57576:UDP:Pando Media Booster

"5910:TCP"= 5910:TCP:vnc5910

"1173:TCP"= 1173:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [24-6-2010 18:50 106904]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15-4-2008 14:00 14336]

R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [24-6-2010 18:50 567464]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24-6-2010 18:50 136360]

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [22-2-2007 11:28 30864]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-10-2011 17:48 366152]

R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24-6-2010 14:46 28256]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [24-6-2010 18:50 82952]

R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\drivers\LGPBTDD.sys [16-7-2011 17:36 23432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-10-2011 17:48 22216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [28-3-2009 20:00 31392]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [28-3-2009 19:59 238080]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]

S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24-6-2010 14:46 28256]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [14-7-2009 15:35 19720]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [16-7-2011 19:16 14856]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10-5-2010 11:44 22328]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10-5-2010 11:44 25912]

S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10-5-2010 11:44 16696]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25-1-2007 19:31 42000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504]

S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]

S4 CrossLoopService;CrossLoop Service;c:\documents and settings\Hans\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [26-12-2010 15:06 560848]

S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25-6-2010 15:18 30192]

S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25-6-2010 15:19 136176]

S4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25-6-2010 15:19 136176]

S4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-2-2010 13:37 517096]

S4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [28-6-2010 9:20 173352]

S4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [30-11-2010 19:08 2222376]

S4 tvnserver;TightVNC Server;c:\documents and settings\Hans\Local Settings\Application Data\CrossLoop\tvnserver.exe [26-12-2010 15:06 814080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-HANS-869825C078-Hans.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-08 02:44]

.

2011-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-10-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-25 15:45]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 13:19]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 13:19]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvLsp.dll

Trusted Zone: com\www.msi

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Hans\Application Data\Mozilla\Firefox\Profiles\pzxua3dh.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-20 19:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1976)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(2032)

c:\windows\system32\nvLsp.dll

.

- - - - - - - > 'explorer.exe'(2636)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2011-10-20 19:16:23

ComboFix-quarantined-files.txt 2011-10-20 17:16

ComboFix2.txt 2011-10-20 16:01

.

Pre-Run: 46.475.382.784 bytes beschikbaar

Post-Run: 46.460.645.376 bytes beschikbaar

.

- - End Of File - - 0CDADC1B103BE02AB0E908FE55ACC272

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Er is een berg (besmettelijke) rotzooi van de PC gehaald. Dat is alvast een zekerheid. Om alle restjes op te ruimen mag je nog het volgende doen :

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

Link naar reactie
Delen op andere sites
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.