computer loopt steeds vast

elboujoufi · 14 november 2011

ComboFix 11-11-14.01 - mebec 14-11-2011 16:53:47.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1022.505 [GMT 1:00]

Gestart vanuit: c:\users\mebec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56SJOD3N\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-14 to 2011-11-14 ))))))))))))))))))))))))))))))

.

2011-11-14 16:04 . 2011-11-14 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-14 15:12 . 2011-11-14 15:12 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DA92E-F429-4F34-A942-BECE34951FB4}\MpKsl0ae1f584.sys

2011-11-14 15:11 . 2011-11-14 15:11 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DA92E-F429-4F34-A942-BECE34951FB4}\offreg.dll

2011-11-14 15:10 . 2011-10-06 18:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DA92E-F429-4F34-A942-BECE34951FB4}\mpengine.dll

2011-11-13 20:39 . 2011-11-13 20:39 -------- d-----w- c:\programdata\Malwarebytes

2011-11-13 20:39 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-13 20:39 . 2011-11-13 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-13 20:29 . 2011-11-13 20:57 -------- d-----w- c:\program files\MemTurbo 4

2011-11-13 15:45 . 2011-11-13 15:45 -------- d-----w- c:\program files\Trend Micro

2011-11-13 14:57 . 2011-11-13 14:57 -------- d-----w- c:\program files\Common Files\Java

2011-11-13 14:56 . 2011-11-13 14:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-13 14:56 . 2011-11-13 14:56 -------- d-----w- c:\program files\Java

2011-11-13 14:49 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2011-11-13 14:47 . 2011-11-13 14:48 -------- d--h--w- c:\windows\msdownld.tmp

2011-11-08 21:38 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-08 21:37 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-08 21:37 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-10-21 02:46 . 2011-10-21 10:58 -------- d-----w- C:\Casino

2011-10-20 03:08 . 2011-10-20 03:08 -------- d-----w- c:\program files\Windows Portable Devices

2011-10-20 03:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2011-10-20 03:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2011-10-20 03:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-10-20 03:04 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2011-10-20 03:04 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2011-10-20 03:04 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2011-10-20 03:04 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2011-10-20 03:04 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2011-10-20 03:04 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2011-10-20 03:04 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2011-10-20 03:04 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2011-10-20 03:04 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2011-10-20 03:04 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll

2011-10-20 03:04 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2011-10-20 03:04 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2011-10-20 02:29 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-20 02:29 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-20 02:29 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-20 02:29 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-20 02:29 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-10-20 02:29 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-10-20 02:28 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-10-20 02:28 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-10-20 02:28 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-10-20 02:28 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-20 02:28 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-20 02:28 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-20 02:28 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-20 02:28 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-20 02:27 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll

2011-10-20 02:27 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-20 02:27 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-19 17:33 . 2011-08-03 11:50 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-10-19 17:33 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-19 17:33 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll

2011-10-19 17:33 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll

2011-10-19 17:33 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll

2011-10-19 17:33 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-10-19 17:33 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll

2011-10-19 17:33 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-10-19 17:33 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll

2011-10-19 17:33 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll

2011-10-19 17:32 . 2011-10-19 17:32 -------- d-----w- C:\NVIDIA

2011-10-19 12:57 . 2011-10-19 12:57 98816 ----a-w- c:\windows\system32\mfps.dll

2011-10-19 12:53 . 2011-10-19 12:53 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2011-10-19 12:53 . 2011-10-19 12:53 252928 ----a-w- c:\windows\system32\dxdiag.exe

2011-10-19 12:53 . 2011-10-19 12:53 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2011-10-19 12:53 . 2011-10-19 12:53 519680 ----a-w- c:\windows\system32\d3d11.dll

2011-10-19 12:53 . 2011-10-19 12:53 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-10-19 12:53 . 2011-10-19 12:53 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-10-19 12:53 . 2011-10-19 12:53 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-10-19 11:05 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-10-19 11:05 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-10-19 02:42 . 2011-10-19 02:42 -------- d-----w- c:\windows\system32\ca-ES

2011-10-19 02:42 . 2011-10-19 02:42 -------- d-----w- c:\windows\system32\eu-ES

2011-10-19 02:42 . 2011-10-19 02:42 -------- d-----w- c:\windows\system32\vi-VN

2011-10-19 02:37 . 2011-10-19 02:37 -------- d-----w- c:\programdata\WindowsSearch

2011-10-19 02:14 . 2011-10-19 02:14 -------- d-----w- c:\windows\system32\EventProviders

2011-10-19 01:35 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin

2011-10-19 01:28 . 2011-10-19 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-19 01:16 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-10-19 01:14 . 2009-01-08 01:20 265720 ----a-w- c:\program files\Internet Explorer\msdbg2.dll

2011-10-19 01:14 . 2009-01-08 01:20 355832 ----a-w- c:\program files\Internet Explorer\pdm.dll

2011-10-19 01:07 . 2009-04-11 06:28 729600 ----a-w- c:\windows\system32\IMJP10K.DLL

2011-10-19 01:06 . 2009-04-11 06:28 663552 ----a-w- c:\program files\Common Files\System\Ole DB\sqloledb.dll

2011-10-19 01:05 . 2009-04-11 06:28 90112 ----a-w- c:\windows\system32\wshext.dll

2011-10-19 01:04 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\fdSSDP.dll

2011-10-19 01:03 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll

2011-10-19 01:03 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-10-19 01:03 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll

2011-10-19 01:03 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll

2011-10-19 01:03 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll

2011-10-19 01:03 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll

2011-10-19 01:03 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-10-19 01:02 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll

2011-10-19 01:02 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll

2011-10-19 01:02 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe

2011-10-19 01:00 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

2011-10-19 00:59 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-10-19 00:59 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-10-19 00:59 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-10-19 00:59 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-10-19 00:59 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-10-19 00:46 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll

2011-10-19 00:44 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll

2011-10-19 00:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2011-10-19 00:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2011-10-19 00:38 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll

2011-10-19 00:38 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll

2011-10-19 00:38 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-10-19 00:38 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-10-19 00:38 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-10-19 00:38 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll

2011-10-19 00:37 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll

2011-10-19 00:37 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll

2011-10-19 00:37 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-10-19 00:37 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-10-19 00:37 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-10-19 00:37 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-10-19 00:37 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-10-19 00:37 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-10-19 00:37 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-10-19 00:36 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll

2011-10-19 00:36 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll

2011-10-19 00:36 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe

2011-10-19 00:36 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 12:53 . 2011-10-19 12:53 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui

2011-10-19 00:06 . 2006-12-19 23:29 1312 ----a-w- c:\windows\CLEANUP.CMD

2011-10-18 21:35 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2011-10-18 21:35 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2011-10-18 19:41 . 2011-10-18 19:41 40960 ----a-w- c:\windows\system32\drivers\nl-NL\http.sys.mui

2011-10-18 16:56 . 2011-10-18 16:56 2560 ----a-w- c:\windows\apppatch\AcRes.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"????r"="" [?]

"?????????"="??????????????e" [?]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R1 MpKsl2f71d926;MpKsl2f71d926;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441B239F-4F57-4F56-B76F-8A2DD48AE08D}\MpKsl2f71d926.sys [x]

R1 MpKslb7afa5e1;MpKslb7afa5e1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EAAE700-E125-42DE-BD16-F8544F2EDDB2}\MpKslb7afa5e1.sys [x]

R1 MpKslccb2cecb;MpKslccb2cecb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441B239F-4F57-4F56-B76F-8A2DD48AE08D}\MpKslccb2cecb.sys [x]

R1 MpKslea1d90ec;MpKslea1d90ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB166539-200A-4AF3-ACEE-C204B05A01C9}\MpKslea1d90ec.sys [x]

R1 MpKslfaa32357;MpKslfaa32357;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7DE3B93-CC3F-44D9-8289-87621E11CA47}\MpKslfaa32357.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 MpKsl0ae1f584;MpKsl0ae1f584;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DA92E-F429-4F34-A942-BECE34951FB4}\MpKsl0ae1f584.sys [2011-11-14 28752]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1170464]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSL0AE1F584

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.mebec.weblinker.nl/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://nl.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-11-14 17:04

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1859406639-702596590-2520636958-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5AF05168-A292-98C4-0BA2-9C5E23DC0016}*]

"pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhagfhcklnp"=hex:61,

61,00,6a

"pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhamfehmiok"=hex:61,

61,00,6a

"pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhaffcekicd"=hex:63,

62,6f,6a,68,61,62,6c,6f,68,6b,65,70,6e,66,6b,64,64,6e,6f,6c,6d,66,6e,65,6e,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5940)

c:\windows\system32\MsnChatHook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\ShowErrMsg.dll

.

Voltooingstijd: 2011-11-14 17:08:27

ComboFix-quarantined-files.txt 2011-11-14 16:08

.

Pre-Run: 81.456.549.888 bytes beschikbaar

Post-Run: 81.436.528.640 bytes beschikbaar

.

- - End Of File - - 2DBB7D92F92727149A74A9B1F4CCD4E9

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:16:40, on 14-11-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\mebec\Desktop\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MEBEC Startpagina : Weblinker.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [?????????] ??????????????e

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKUS\S-1-5-21-1859406639-702596590-2520636958-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1859406639-702596590-2520636958-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 5442 bytes

kape · 14 november 2011

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"????r"=-

"?????????"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Sla dit bestand op je bureaublad op als CFScript.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O4 - HKCU\..\Run: [?????????] ??????????????e

Klik op 'Fix checked' om de items te verwijderen.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

elboujoufi · 14 november 2011

Het lijkt erop dat mijn computer sneller reageert dan eerst, bedankt ervoor, hier het logje

ComboFix 11-11-14.02 - mebec 14-11-2011 18:09:51.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1022.490 [GMT 1:00]

Gestart vanuit: c:\users\mebec\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\mebec\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-14 to 2011-11-14 ))))))))))))))))))))))))))))))

.

2011-11-14 17:18 . 2011-11-14 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-14 16:26 . 2011-11-14 16:26 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38E508BC-705E-401E-BC32-D964ED0EF649}\MpKsl51480e48.sys

2011-11-14 16:26 . 2011-11-14 16:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38E508BC-705E-401E-BC32-D964ED0EF649}\offreg.dll

2011-11-14 16:26 . 2011-10-06 18:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38E508BC-705E-401E-BC32-D964ED0EF649}\mpengine.dll