
iyuna


It finally worked after all!

ComboFix 12-01-12.04 - Pieter&Hilde 12/01/2012 23:18:36.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3063.1952 [GMT 1:00]

Gestart vanuit: c:\users\Pieter&Hilde\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Pieter&Hilde\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll

c:\users\PIETER~1\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll

c:\windows\system32\roboot.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-13 to 2012-01-13 ))))))))))))))))))))))))))))))

.

.

2012-01-12 22:26 . 2012-01-13 06:35 -------- d-----w- c:\users\Pieter&Hilde\AppData\Local\temp

2012-01-12 22:26 . 2012-01-12 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-12 17:09 . 2012-01-12 17:09 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6529194-44E2-49E7-A396-ABB95807B7BA}\MpKsl64310b37.sys ERROR(0x00000005)

2012-01-12 17:09 . 2012-01-12 22:27 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6529194-44E2-49E7-A396-ABB95807B7BA}\offreg.dll ERROR(0x00000005)

2012-01-12 16:18 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6529194-44E2-49E7-A396-ABB95807B7BA}\mpengine.dll ERROR(0x00000005)

2012-01-11 13:47 . 2012-01-11 13:47 -------- d-----w- c:\users\Pieter&Hilde\AppData\Roaming\Malwarebytes

2012-01-11 13:44 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-11 13:44 . 2012-01-11 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-11 12:03 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

2012-01-11 12:03 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 12:03 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 12:03 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

2012-01-10 18:24 . 2012-01-10 18:24 388096 ----a-r- c:\users\Pieter&Hilde\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-10 18:24 . 2012-01-10 18:24 -------- d-----w- c:\program files\Trend Micro

2012-01-10 17:40 . 2012-01-10 18:01 -------- d-----w- c:\program files\Speccy

2012-01-10 16:28 . 2012-01-10 16:28 -------- d-----w- c:\program files\DriverFinder

2012-01-10 16:25 . 2012-01-10 16:28 -------- d-----w- c:\users\Pieter&Hilde\AppData\Roaming\DriverFinder

2012-01-09 14:45 . 2012-01-09 14:45 -------- d-----w- c:\users\Pieter&Hilde\AppData\Local\PackageAware

2012-01-03 13:09 . 2012-01-03 13:19 1688 ----a-w- c:\windows\system32\ASOROSet.bin

2012-01-03 12:23 . 2012-01-03 12:23 -------- d-----w- c:\users\Pieter&Hilde\AppData\Roaming\Systweak

2012-01-03 12:23 . 2012-01-03 12:23 -------- d-----w- c:\program files\RegClean Pro

2011-12-15 18:00 . 2011-12-15 18:00 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-12-15 17:41 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 17:41 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 17:41 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 17:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 17:41 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-15 17:41 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-02 13:03 . 2011-12-02 13:03 158056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin ERROR(0x00000005)

2011-11-21 10:47 . 2011-10-23 08:16 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)

2011-11-13 09:47 . 2011-11-13 09:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-19 20:26 . 2011-10-19 20:26 703824 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A73FBF20-5B52-41B7-8280-86778CC79CBE}\gapaengine.dll ERROR(0x00000005)

2011-10-18 21:17 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-10-18 20:54 . 2011-10-18 20:54 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-10-18 20:54 . 2011-10-18 20:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-10-18 20:54 . 2011-10-18 20:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-10-18 20:54 . 2011-10-18 20:54 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-10-18 20:54 . 2011-10-18 20:54 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-10-18 20:54 . 2011-10-18 20:54 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-10-18 20:54 . 2011-10-18 20:54 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-10-18 20:54 . 2011-10-18 20:54 367104 ----a-w- c:\windows\system32\html.iec

2011-10-18 20:54 . 2011-10-18 20:54 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-10-18 20:54 . 2011-10-18 20:54 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-10-18 20:54 . 2011-10-18 20:54 161792 ----a-w- c:\windows\system32\msls31.dll

2011-10-18 20:54 . 2011-10-18 20:54 152064 ----a-w- c:\windows\system32\wextract.exe

2011-10-18 20:54 . 2011-10-18 20:54 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-10-18 20:54 . 2011-10-18 20:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-10-18 20:54 . 2011-10-18 20:54 11776 ----a-w- c:\windows\system32\mshta.exe

2011-10-18 20:54 . 2011-10-18 20:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-10-18 20:54 . 2011-10-18 20:54 101888 ----a-w- c:\windows\system32\admparse.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872]

"Spotify"="c:\users\Pieter&Hilde\AppData\Roaming\Spotify\Spotify.exe" [2011-12-21 4010160]

"DriverFinder"="c:\program files\DriverFinder\DriverFinder.exe" [2011-07-18 5515464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-04 7703072]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"IsaKbcCertUpdate"="c:\program files\Common Files\Isabel\isa_kbc_certupdate.exe" [2010-07-06 1023576]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, schannel.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsl54640daa;MpKsl54640daa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C744807-CFC3-4DE8-AC6F-DDDB2997F6E4}\MpKsl54640daa.sys [x]

R1 MpKslc845af14;MpKslc845af14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C744807-CFC3-4DE8-AC6F-DDDB2997F6E4}\MpKslc845af14.sys [x]

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 136176]

R3 cpuz135;cpuz135;c:\users\PIETER~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 136176]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1343400]

S1 MpKsl64310b37;MpKsl64310b37;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6529194-44E2-49E7-A396-ABB95807B7BA}\MpKsl64310b37.sys [2012-01-12 29904]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 07:01]

.

2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 07:01]

.

2012-01-12 c:\windows\Tasks\RegClean Pro_DEFAULT.job

- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-03 10:52]

.

2012-01-11 c:\windows\Tasks\RegClean Pro_UPDATES.job

- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-03 10:52]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

Trusted Zone: kbc.be\www

Trusted Zone: cbc.be\cbc-pdf

Trusted Zone: cbc.be\cbconline

Trusted Zone: cbc.be\static

Trusted Zone: cbc.be\www

Trusted Zone: cbc.eu\www

Trusted Zone: isabel.be\*.IBS6

Trusted Zone: isabel.be\gotoIBS6

Trusted Zone: isabel.be\pki

Trusted Zone: isabel.be\www

Trusted Zone: isabel.eu\upgrade

Trusted Zone: isabel.eu\www

Trusted Zone: kbc.be\kbc-pdf

Trusted Zone: kbc.be\kbconline

Trusted Zone: kbc.be\static

Trusted Zone: kbc.be\www

Trusted Zone: kbc.com\www

Trusted Zone: kbc.eu\www

Trusted Zone: kbcam.be\www

Trusted Zone: kbcam.com\www

Trusted Zone: kbcbankingforbusiness.com\www

Trusted Zone: kbcgroup.eu\multimediafiles

Trusted Zone: kbcgroup.eu\www

Trusted Zone: kbcmerchantbanking.com\www

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\PSIService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\program files\TeamViewer\Version6\TeamViewer.exe

c:\windows\system32\conhost.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-13 07:36:28 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-13 06:36

.

Pre-Run: 882.736.820.224 bytes beschikbaar

Post-Run: 882.799.648.768 bytes beschikbaar

.

- - End Of File - - FFF3888B4B5C1E87CDC15ED002BD1BDD


Sorry, apparently we overlooked this log for a moment :dong:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6529194-44E2-49E7-A396-ABB95807B7BA}\MpKsl64310b37.sys ERROR(0x00000005)

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6529194-44E2-49E7-A396-ABB95807B7BA}\offreg.dll ERROR(0x00000005)

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6529194-44E2-49E7-A396-ABB95807B7BA}\mpengine.dll ERROR(0x00000005)

c:\documents and settings\All Users\Application Data\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin ERROR(0x00000005)

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A73FBF20-5B52-41B7-8280-86778CC79CBE}\gapaengine.dll ERROR(0x00000005)

c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C744807-CFC3-4DE8-AC6F-DDDB2997F6E4}\MpKsl54640daa.sys

c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C744807-CFC3-4DE8-AC6F-DDDB2997F6E4}\MpKslc845af14.sys

c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6529194-44E2-49E7-A396-ABB95807B7BA}\MpKsl64310b37.sys

Driver::

MpKsl54640daa

MpKslc845af14

MpKsl64310b37

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


Here is the requested log file:

ComboFix 12-01-21.02 - Pieter&Hilde 22/01/2012 17:35:26.3.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3063.1952 [GMT 1:00]

Gestart vanuit: c:\users\Pieter&Hilde\Desktop\ComboFix1.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Pieter&Hilde\AppData\Local\temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll

c:\users\PIETER~1\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-22 to 2012-01-22 ))))))))))))))))))))))))))))))

.

.

2012-01-22 16:41 . 2012-01-22 16:52 -------- d-----w- c:\users\Pieter&Hilde\AppData\Local\temp

2012-01-22 16:41 . 2012-01-22 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-22 16:22 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C116276E-0D46-4C27-8C5D-60BF9EC3AF7B}\mpengine.dll ERROR(0x00000005)

2012-01-22 15:29 . 2012-01-22 15:29 -------- d-----w- c:\users\Pieter&Hilde\AppData\Local\Diagnostics

2012-01-13 07:08 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-13 07:08 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-13 07:08 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-01-13 07:08 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll

2012-01-13 07:08 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-13 07:08 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll

2012-01-13 07:08 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll

2012-01-13 07:08 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll

2012-01-13 07:08 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll

2012-01-13 07:08 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe

2012-01-11 13:47 . 2012-01-11 13:47 -------- d-----w- c:\users\Pieter&Hilde\AppData\Roaming\Malwarebytes

2012-01-11 13:44 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-11 13:44 . 2012-01-11 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-11 12:03 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

2012-01-11 12:03 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 12:03 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 12:03 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

2012-01-10 18:24 . 2012-01-10 18:24 388096 ----a-r- c:\users\Pieter&Hilde\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-10 18:24 . 2012-01-10 18:24 -------- d-----w- c:\program files\Trend Micro

2012-01-10 17:40 . 2012-01-10 18:01 -------- d-----w- c:\program files\Speccy

2012-01-10 16:28 . 2012-01-10 16:28 -------- d-----w- c:\program files\DriverFinder

2012-01-10 16:25 . 2012-01-10 16:28 -------- d-----w- c:\users\Pieter&Hilde\AppData\Roaming\DriverFinder

2012-01-09 14:45 . 2012-01-09 14:45 -------- d-----w- c:\users\Pieter&Hilde\AppData\Local\PackageAware

2012-01-03 13:09 . 2012-01-03 13:19 1688 ----a-w- c:\windows\system32\ASOROSet.bin

2012-01-03 12:23 . 2012-01-03 12:23 -------- d-----w- c:\users\Pieter&Hilde\AppData\Roaming\Systweak

2012-01-03 12:23 . 2012-01-03 12:23 -------- d-----w- c:\program files\RegClean Pro

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-06 04:19 . 2011-10-23 08:16 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)

2011-12-02 13:03 . 2011-12-02 13:03 158056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin ERROR(0x00000005)

2011-11-24 04:25 . 2011-12-15 17:41 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-11-13 09:47 . 2011-11-13 09:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-05 04:26 . 2011-12-15 17:41 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 22:47 . 2011-12-15 18:02 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40 . 2011-12-15 18:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39 . 2011-12-15 18:02 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31 . 2011-12-15 18:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-26 04:47 . 2011-12-15 17:41 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-26 04:47 . 2011-12-15 17:41 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 04:28 . 2011-12-15 17:41 38912 ----a-w- c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872]

"Spotify"="c:\users\Pieter&Hilde\AppData\Roaming\Spotify\Spotify.exe" [2012-01-21 4027056]

"DriverFinder"="c:\program files\DriverFinder\DriverFinder.exe" [2011-07-18 5515464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-04 7703072]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"IsaKbcCertUpdate"="c:\program files\Common Files\Isabel\isa_kbc_certupdate.exe" [2010-07-06 1023576]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, schannel.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 136176]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

R3 cpuz135;cpuz135;c:\users\PIETER~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 07:01]

.

2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 07:01]

.

2012-01-22 c:\windows\Tasks\RegClean Pro_DEFAULT.job

- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-03 10:52]

.

2012-01-11 c:\windows\Tasks\RegClean Pro_UPDATES.job

- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-03 10:52]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

Trusted Zone: kbc.be\www

Trusted Zone: cbc.be\cbc-pdf

Trusted Zone: cbc.be\cbconline

Trusted Zone: cbc.be\static

Trusted Zone: cbc.be\www

Trusted Zone: cbc.eu\www

Trusted Zone: isabel.be\*.IBS6

Trusted Zone: isabel.be\gotoIBS6

Trusted Zone: isabel.be\pki

Trusted Zone: isabel.be\www

Trusted Zone: isabel.eu\upgrade

Trusted Zone: isabel.eu\www

Trusted Zone: kbc.be\kbc-pdf

Trusted Zone: kbc.be\kbconline

Trusted Zone: kbc.be\static

Trusted Zone: kbc.be\www

Trusted Zone: kbc.com\www

Trusted Zone: kbc.eu\www

Trusted Zone: kbcam.be\www

Trusted Zone: kbcam.com\www

Trusted Zone: kbcbankingforbusiness.com\www

Trusted Zone: kbcgroup.eu\multimediafiles

Trusted Zone: kbcgroup.eu\www

Trusted Zone: kbcmerchantbanking.com\www

TCP: DhcpNameServer = 192.168.1.1

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\PSIService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\TeamViewer\Version6\TeamViewer.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-22 17:53:58 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-22 16:53

ComboFix2.txt 2012-01-13 06:36

.

Pre-Run: 884.202.147.840 bytes beschikbaar

Post-Run: 884.269.350.912 bytes beschikbaar

.

- - End Of File - - 9511A662E78E5239B81D22712CBF19AC


The Speccy log was produced at a point when the PC had been in use for about 5 minutes. At that moment the temperature of the graphics card was already above 40°C.

Can you post a second log? Preferably one produced after the PC has been in intensive use for about an hour, so that we can assess how the temperatures evolve.


@Kape: the PC is still excruciatingly slow.

@Asus: I can't recall the PC having been active for only 5 minutes. As I remember it, it had already been on for a few hours, I was getting extremely annoyed again, and that is how I came to contact you. Probably a restart?!

But if you think it is necessary, I am willing to do that same action over again. Please confirm.

Thanks in advance for all the effort.

Regards.


But if you think it is necessary, I am willing to do that same action over again.

Please do... it is rather important that we have the necessary certainty here... ;-)

Also give the startup programs a thorough going-over with Soluto, as described below:

Download Soluto. (click on it)

Click I Agree – Install. Wait in the screen that follows. After 30 seconds this screen disappears and Soluto continues installing. You can use your PC normally during this process.

If you want to see how far along the Soluto installation is, right-click the Soluto icon at the bottom right of the taskbar and choose 'Open'.

When the installation is complete, Soluto will ask to reboot. Save everything in the programs you have open, and click Reboot PC Now.

Once the PC has restarted, open Soluto and click 'Chop Boot'. There you can exclude programs from startup.

For a detailed guide on this, click Here. (click on it)

Edited by Asus

Temperatures are acceptable.

Have all necessary updates been installed on the PC? Check this via Windows Update (Start --> Control Panel --> System and Security --> Windows Update)... select what you want to install, run the installation and, if the updates ask for it, restart your system.
