
Boot problem


peet6


Good morning. You asked me to open services.msc and look at the status of eRecovery. eRecovery does not appear in that list. If I search for "erecovery", I get a list of everything that starts with erecovery. When I try to upload that to you, the upload program says it is an invalid file. I also get the message that eRecovery Management is not available, although, as reported, it is on the PC. Hopefully you can make something of this.

Thanks in advance. Regards, Peet6.



Then we'll try with HJT to see whether this can be fixed.

1. Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis will now be installed on your PC, and a shortcut will be placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

If you can only work in safe mode, you must download the executable.

Save it in a new folder on the C drive (e.g. C:\hijackthis) and start HijackThis from that folder.

You can then also find the logs in that folder.


2. Click the shortcut to start HijackThis. (Read the red text below first!)

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens. Hold CTRL and A together; everything is now selected. Hold CTRL and C together; everything is now copied. Then paste the HJT log into your message with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (See the image here ---> Click here)

If you want to see in words and pictures how to create a log with HijackThis and post it on the forum, click HERE.


3. After you post your log, an expert (Kape or Kweezie Wabbit) will review it and guide you through the whole process.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:58:25, on 29-1-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SkyTel.EXE

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 7622 bytes


Start HijackThis. Select "Scan". Tick only the items listed below:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

Click 'Fix checked' to remove the items.

Do you still get the error message at startup after that?

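As an added example (not code from the thread, from HijackThis or from its authors), the Python script below automates the first pass a helper makes over a log like the one posted above. It parses the HJT entry types that occur in that log and applies a few heuristics that are my own assumptions, not HijackThis rules: entries ending in "(no file)" are orphaned; O4 autoruns that name a bare executable without a directory are resolved through the search path and should be verified; O16 DPF entries are downloaded ActiveX controls; O23 services with "Unknown owner" carry no vendor information. The sample lines are copied from the posted log. Note that the heuristics only surface candidates: the eRecoveryService entry the helper ticks above is chosen because of the reported startup error, not because of anything in the line itself.

```python
"""First-pass triage of HijackThis (HJT) log lines.

Added example; not part of the original thread and not a HijackThis
component.  The heuristics below are assumptions made for illustration.
"""
import re
from dataclasses import dataclass

# Any HJT entry: "<type> - <body>", e.g. "O4 - HKLM\..\Run: [ehTray] C:\...\ehtray.exe"
LINE_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
# O4 autorun body: "<hive>\..\<key>: [<name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 service body: "Service: <display> (<name>) - <owner> - <path>"
O23_RE = re.compile(r"^Service: (?P<display>.*) \((?P<name>[^)]+)\) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    kind: str    # HJT entry type (R3, O4, ...)
    line: str    # the original log line
    reason: str  # why it deserves a look


def autorun_target(cmd: str) -> str:
    """Return the image an O4 command line actually starts.

    Handles quoted paths, trailing switches and RUNDLL32 hosting a DLL
    ("RUNDLL32.EXE C:\\...\\NvCpl.dll,NvStartup" yields the DLL path).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    image, _, rest = cmd.partition(" ")
    if image.lower() == "rundll32.exe":
        return rest.split(",", 1)[0]
    return image


def triage(lines):
    """Return the entries worth a second look, in log order."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        kind, body = m.group("type"), m.group("body")
        if body.endswith("(no file)"):
            findings.append(Finding(kind, raw, "orphaned entry: referenced file is missing"))
        elif kind == "O4" and (o4 := O4_RE.match(body)):
            target = autorun_target(o4.group("cmd"))
            if "\\" not in target:
                # No directory given: Windows resolves the name through the
                # search path, so verify which file actually runs.
                findings.append(Finding(kind, raw, f"bare filename '{target}' resolved via search path"))
        elif kind == "O16":
            findings.append(Finding(kind, raw, "downloaded ActiveX control (DPF); check the source"))
        elif kind == "O23" and (svc := O23_RE.match(body)):
            if svc.group("owner") == "Unknown owner":
                findings.append(Finding(kind, raw, "service binary without vendor information"))
    return findings


# Sample input: a handful of lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

On the sample, four lines come out: the orphaned Yahoo! URLSearchHook, the bare ALCMTR.EXE autorun, the DPF control from foto.hema.nl and the Broadcom tray service without a vendor string. The full-path autoruns, the RUNDLL32-hosted NVIDIA DLL and the ESET service pass silently.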

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you can't disable them, just move on to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue with the scan for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue with the scan for malware.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


ComboFix 12-02-05.01 - spruit 04-02-2012 22:52:06.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.959.352 [GMT -12:00]

Gestart vanuit: c:\documents and settings\spruit\Bureaublad\ComboFix.exe

AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\kb913800.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-05 to 2012-02-05 ))))))))))))))))))))))))))))))

.

.

2012-02-05 10:40 . 2012-02-05 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM

2012-02-05 10:40 . 2012-02-05 10:41 -------- d-----w- c:\program files\SweetIM

2012-02-05 03:22 . 2012-02-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PTV-AG

2012-02-05 03:20 . 2012-02-05 03:20 -------- d-----w- c:\program files\Common Files\ptv shared

2012-02-05 03:16 . 2012-02-05 03:16 -------- d-----w- c:\documents and settings\spruit\Application Data\InstallShield

2012-01-30 05:54 . 2012-01-30 05:54 388096 ----a-r- c:\documents and settings\spruit\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-30 05:54 . 2012-01-30 05:54 -------- d-----w- c:\program files\Trend Micro

2012-01-29 20:36 . 2012-01-29 20:36 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-15 00:37 . 2012-01-15 00:37 -------- d-----w- c:\documents and settings\spruit\.jordan

2012-01-15 00:12 . 2012-01-15 00:12 -------- d-----w- c:\windows\Sun

2012-01-14 23:34 . 2012-01-14 23:34 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-01-14 23:34 . 2012-01-14 23:34 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-14 19:05 . 2012-01-14 19:05 -------- d-----w- c:\documents and settings\spruit\Local Settings\Application Data\ESET

2012-01-14 19:05 . 2012-01-14 19:05 -------- d-----w- c:\documents and settings\spruit\Application Data\ESET

2012-01-14 19:03 . 2012-01-14 19:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2012-01-14 19:02 . 2012-01-14 19:02 -------- d-----w- c:\program files\ESET

2012-01-14 19:02 . 2012-01-14 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2012-01-14 08:32 . 2012-01-14 08:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software

2012-01-08 07:42 . 2012-01-08 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecretsOfOlympus

2012-01-08 07:35 . 2012-01-14 19:25 -------- d-----w- c:\program files\Secrets Of Olympus

2012-01-08 07:34 . 2012-01-08 07:34 -------- d-----w- c:\program files\ReflexiveArcade

2012-01-08 04:54 . 2012-01-08 04:57 -------- d-----w- c:\program files\RegCleaner

2012-01-08 04:26 . 2011-12-19 17:55 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2012-01-08 04:26 . 2011-12-19 17:50 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2012-01-08 04:25 . 2012-01-08 04:26 -------- d-----w- c:\program files\TuneUp Utilities 2011

2012-01-07 19:48 . 2012-01-07 19:48 -------- d-----w- c:\documents and settings\spruit\Application Data\AVG

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 11:08 . 2012-01-01 11:08 32608 ----a-w- c:\windows\king-uninstall.exe

2011-12-16 20:27 . 2011-12-16 20:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57 . 2005-09-01 02:28 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 14:40 . 2005-10-06 03:11 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 06:12 . 2004-09-02 13:00 60928 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:22 . 2004-09-02 13:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:22 . 2004-09-02 13:00 152064 ----a-w- c:\windows\system32\schannel.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-01-16 130864]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2012-01-16 00:27 1330480 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-16 1330480]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-16 1330480]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]

"SkyTel"="SkyTel.EXE" [2006-04-24 1448960]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-09-02 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7311360]

"nwiz"="nwiz.exe" [2006-05-08 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-08 86016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-10 254696]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-23 3080264]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-20 114992]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiSpyWareDisableNotify"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\SnelStart\\v7\\SnelStart.exe"=

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4-8-2011 9:20 118104]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22-9-2011 12:03 974944]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [19-12-2011 5:53 1527104]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7-7-2011 2:46 10064]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Zoek op het web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

TCP: DhcpNameServer = 192.168.1.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-02-04 22:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1848)

c:\windows\System32\BCMLogon.dll

.

Voltooingstijd: 2012-02-04 22:58:00

ComboFix-quarantined-files.txt 2012-02-05 10:57

.

Pre-Run: 232.972.369.920 bytes beschikbaar

Post-Run: 233.239.863.296 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 15CF02C2BA436718508F4DEAC306D0EB

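An added example (not part of the thread and not ComboFix's own code) that works on the ComboFix log above. ComboFix prints each registry start point ("Reg Opstartpunten") as a [KEY] header followed by "Name"="target" [date size] lines, with [X] where the target file is missing, or, under a BHO key, the DLL itself; browser hooks and toolbars are followed by a separate block of associated CLSID/ProgID/TypeLib keys, and blocks are separated by lines containing only ".". The script parses that layout, attaches the associated keys to their entry, reports targets whose file is missing, and groups every start point by the directory its target lives in. That grouping is how a helper sees that one product (SweetIM in this log) owns a URLSearchHook, a BHO, two toolbar registrations and a Run entry, which is the footprint the clean-up script later in the thread targets. The grouping rule and the sample lines, a subset of the posted section, are mine.

```python
"""Summarise the registry start points section of a ComboFix log by product directory.

Added example; not part of the thread and not a ComboFix component.  The
grouping rule in product_dir() is an assumption made for illustration.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="target" [2012-01-16 130864]   or   "Name"="target" [X]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# DLL listed directly under a BHO key: "2012-01-16 00:27 1330480 ----a-w- c:\path\x.dll"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<target>.+)$")
# "<drive>:\program files\[common files\]<product>\"
PRODUCT_RE = re.compile(r"^[a-z]:\\program files\\(?:common files\\)?[^\\]+\\")


def product_dir(target):
    """Lower-cased directory used for grouping: the product folder under
    Program Files, otherwise the first three path components; a bare name
    such as "Alaunch" or "RTHDCPL.EXE" has no directory and yields ""."""
    t = target.lower()
    m = PRODUCT_RE.match(t)
    if m:
        return m.group(0).rstrip("\\")
    if "\\" not in t:
        return ""
    return "\\".join(t.rsplit("\\", 1)[0].split("\\")[:3])


def parse_start_points(text):
    """Return blocks of the form {"key", "values": [(name, target, missing)], "assoc": [keys]}.

    A block made up only of [KEY] headers is ComboFix's list of keys
    associated with the preceding entry and is attached to that entry."""
    blocks, headers, values = [], [], []

    def flush():
        nonlocal headers, values
        if headers and not values and blocks:
            blocks[-1]["assoc"].extend(headers)
        elif headers:
            blocks.append({"key": headers[0], "values": values, "assoc": headers[1:]})
        headers, values = [], []

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum double-spaces the log
        if line == ".":
            flush()
            continue
        if (h := HEADER_RE.match(line)):
            headers.append(h.group("key"))
        elif headers and (v := VALUE_RE.match(line)):
            values.append((v.group("name"), v.group("target"), v.group("meta") == "X"))
        elif headers and (f := FILE_RE.match(line)):
            values.append(("", f.group("target"), False))
    flush()
    return blocks


def footprint(blocks):
    """Map product directory -> [(key, name, target)] for every start point."""
    by_dir = defaultdict(list)
    for b in blocks:
        for name, target, _missing in b["values"]:
            by_dir[product_dir(target)].append((b["key"], name, target))
    return dict(by_dir)


def missing_targets(blocks):
    """Start points whose file ComboFix could not find (marked [X])."""
    return [(b["key"], name, target)
            for b in blocks for name, target, missing in b["values"] if missing]


# Sample input: a subset of the "Reg Opstartpunten" section posted above.
SAMPLE = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-01-16 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-16 00:27 1330480 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-20 114992]
.
"""

if __name__ == "__main__":
    blocks = parse_start_points(SAMPLE)
    for directory, entries in sorted(footprint(blocks).items()):
        print(f"{directory or '(no directory)'}: {len(entries)} start point(s)")
    for key, name, target in missing_targets(blocks):
        print(f"missing file: {name!r} -> {target} under {key}")
```

On the sample this yields three start points under c:\program files\sweetim (the URLSearchHook with its two associated CLSID/ProgID keys, the BHO and the Run entry) and one missing file, the "LaunchApp"="Alaunch" [X] value that the clean-up script later in the thread also removes.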

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\documents and settings\All Users\Application Data\SweetIM

c:\program files\SweetIM

c:\documents and settings\spruit\Application Data\AVG

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SweetIM"=-

"LaunchApp"=-

DDS::

IE: Zoek op het web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if asked.

After the reboot, post the contents of ComboFix.txt in your next message.


ComboFix 12-02-05.01 - spruit 05-02-2012 7:11.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.959.391 [GMT -12:00]

Gestart vanuit: c:\documents and settings\spruit\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\spruit\Mijn documenten\CFScript.txt.txt

AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\SweetIM

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\adapter.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\autoupdate.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\contentpackages.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\logger.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\messages.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\sweetim.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\sweetimapp.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\users\main_user_config.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\cache_indx.dat

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\activationFail.htm

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\close_but.gif

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\failure_dialog_BG.jpg

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\052fa331a4bfc3dfa2a3603ffa88e8f2.prad39.js

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\473d5c007e793590a1db512a6ef4eb57.games2.png

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\53b597b55d8412d563b720d3585c1af8.facebook.png

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\ae4884ec095a2b4ca0c079f93439dd7f.ieinfb.js

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\fd966cfdfb43e4bfcb57fc08d68b8346.toolbar44.xml

c:\documents and settings\spruit\Application Data\AVG

c:\documents and settings\spruit\Application Data\AVG\PC Tuneup\Logs\PC Tuneup_SN.log

c:\documents and settings\spruit\Application Data\AVG\PC Tuneup\User Reports\Integrator_report.html

c:\documents and settings\spruit\Application Data\AVG\PC Tuneup\User Reports\Integrator_report.xml

c:\documents and settings\spruit\Application Data\AVG\Rescue\PC Tuneup 2011\120107204801845.rsc

c:\documents and settings\spruit\Application Data\AVG\Rescue\PC Tuneup 2011\120107204803908.rsc

c:\program files\SweetIM

c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe

c:\program files\SweetIM\Messenger\default.xml

c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll

c:\program files\SweetIM\Messenger\mgArchive.dll

c:\program files\SweetIM\Messenger\mgcommon.dll

c:\program files\SweetIM\Messenger\mgcommunication.dll

c:\program files\SweetIM\Messenger\mgconfig.dll

c:\program files\SweetIM\Messenger\mgFlashPlayer.dll

c:\program files\SweetIM\Messenger\mghooking.dll

c:\program files\SweetIM\Messenger\mgICQAuto.dll

c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll

c:\program files\SweetIM\Messenger\mglogger.dll

c:\program files\SweetIM\Messenger\mgMediaPlayer.dll

c:\program files\SweetIM\Messenger\mgMsnAuto.dll

c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll

c:\program files\SweetIM\Messenger\mgsimcommon.dll

c:\program files\SweetIM\Messenger\mgSweetIM.dll

c:\program files\SweetIM\Messenger\mgUpdateSupport.dll

c:\program files\SweetIM\Messenger\mgxml_wrapper.dll

c:\program files\SweetIM\Messenger\mgYahooAuto.dll

c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll

c:\program files\SweetIM\Messenger\msvcp71.dll

c:\program files\SweetIM\Messenger\msvcr71.dll

c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png

c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png

c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png

c:\program files\SweetIM\Messenger\resources\images\GamesButton.png

c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png

c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png

c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png

c:\program files\SweetIM\Messenger\resources\images\WinksButton.png

c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll

c:\program files\SweetIM\Messenger\SweetIM.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png

.

.

(((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 ))))))))))))))))))))))))))))))

.

.

2012-02-05 03:22 . 2012-02-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PTV-AG

2012-02-05 03:20 . 2012-02-05 03:20 -------- d-----w- c:\program files\Common Files\ptv shared

2012-02-05 03:16 . 2012-02-05 03:16 -------- d-----w- c:\documents and settings\spruit\Application Data\InstallShield

2012-01-30 05:54 . 2012-01-30 05:54 388096 ----a-r- c:\documents and settings\spruit\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-30 05:54 . 2012-01-30 05:54 -------- d-----w- c:\program files\Trend Micro

2012-01-29 20:36 . 2012-01-29 20:36 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-15 00:37 . 2012-01-15 00:37 -------- d-----w- c:\documents and settings\spruit\.jordan

2012-01-15 00:12 . 2012-01-15 00:12 -------- d-----w- c:\windows\Sun

2012-01-14 23:34 . 2012-01-14 23:34 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-01-14 23:34 . 2012-01-14 23:34 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-14 19:05 . 2012-01-14 19:05 -------- d-----w- c:\documents and settings\spruit\Local Settings\Application Data\ESET

2012-01-14 19:05 . 2012-01-14 19:05 -------- d-----w- c:\documents and settings\spruit\Application Data\ESET

2012-01-14 19:03 . 2012-01-14 19:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2012-01-14 19:02 . 2012-01-14 19:02 -------- d-----w- c:\program files\ESET

2012-01-14 19:02 . 2012-01-14 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2012-01-14 08:32 . 2012-01-14 08:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software

2012-01-08 07:42 . 2012-01-08 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecretsOfOlympus

2012-01-08 07:35 . 2012-01-14 19:25 -------- d-----w- c:\program files\Secrets Of Olympus

2012-01-08 07:34 . 2012-01-08 07:34 -------- d-----w- c:\program files\ReflexiveArcade

2012-01-08 04:54 . 2012-01-08 04:57 -------- d-----w- c:\program files\RegCleaner

2012-01-08 04:26 . 2011-12-19 17:55 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2012-01-08 04:26 . 2011-12-19 17:50 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2012-01-08 04:25 . 2012-01-08 04:26 -------- d-----w- c:\program files\TuneUp Utilities 2011

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 11:08 . 2012-01-01 11:08 32608 ----a-w- c:\windows\king-uninstall.exe

2011-12-16 20:27 . 2011-12-16 20:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57 . 2005-09-01 02:28 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 14:40 . 2005-10-06 03:11 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 06:12 . 2004-09-02 13:00 60928 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:22 . 2004-09-02 13:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:22 . 2004-09-02 13:00 152064 ----a-w- c:\windows\system32\schannel.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-05_10.56.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-05 19:17 . 2012-02-05 19:17 16384 c:\windows\temp\Perflib_Perfdata_508.dat

.

((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]

"SkyTel"="SkyTel.EXE" [2006-04-24 1448960]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-09-02 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7311360]

"nwiz"="nwiz.exe" [2006-05-08 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-08 86016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-10 254696]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-23 3080264]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiSpyWareDisableNotify"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\SnelStart\\v7\\SnelStart.exe"=

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4-8-2011 9:20 118104]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22-9-2011 12:03 974944]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [19-12-2011 5:53 1527104]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7-7-2011 2:46 10064]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-02-05 07:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

Scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1708)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(2340)

c:\windows\system32\webcheck.dll

.

------------------------ Other Active Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\RTHDCPL.EXE

c:\windows\SkyTel.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

c:\windows\eHome\ehmsas.exe

c:\windows\eHome\ehSched.exe

c:\windows\system32\dllhost.exe

.

**************************************************************************

.

Completion time: 2012-02-04 18:19:33 - machine was restarted

ComboFix-quarantined-files.txt 2012-02-05 06:19

ComboFix2.txt 2012-02-05 11:00

.

Pre-Run: 233.238.831.104 bytes free

Post-Run: 233.233.809.408 bytes free

.

- - End Of File - - EA164AD8A8376CC9EEFBD8C3D167E690
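The startup, service, Security Center and DPF lines in the ComboFix log above are the part a reviewer actually reads, and the same three checks come up every time: Run values written as a bare filename (`RTHDCPL.EXE`, `SkyTel.EXE`, `nwiz.exe`) are resolved through the PATH search order at logon rather than from a fixed location, a Run value outside `c:\windows` or `c:\program files` deserves a look, `AntiSpyWareDisableNotify=1` means Security Center will not warn about missing anti-spyware, and a `DPF:` line is an ActiveX control downloaded from a web host. The script below is an added example for this page, not part of the original post and not ComboFix's own tooling. It parses only the line shapes visible in this log (copied verbatim as the sample input) and reports those checks; the `EXPECTED_ROOTS` list is an assumption chosen for this machine, and a finding is a prompt to verify, not a verdict. The process list further up shows `RTHDCPL.EXE` and `SkyTel.EXE` running from `c:\windows`, so on this PC the bare-filename entries resolve to where they are expected to.

```python
import re
from typing import Dict, List

# Sample input: lines copied from the ComboFix log posted above (the Reg
# Startup Points section, the security center key, the R1/R2 service
# lines and the DPF line). Nothing else is constructed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]
"SkyTel"="SkyTel.EXE" [2006-04-24 1448960]
"nwiz"="nwiz.exe" [2006-05-08 1519616]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-23 3080264]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4-8-2011 9:20 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22-9-2011 12:03 974944]
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
"""

# Line shapes as they appear in this log (regexes written for this example).
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
SVC_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+) \[([^\]]+)\]$')
DPF_RE = re.compile(r'^DPF: (\{[0-9A-Fa-f-]{36}\}) - (\S+)$')

# Assumption for this example: where a Run value on this machine is expected
# to live. Anything else is reported for a manual look.
EXPECTED_ROOTS = (r"c:\windows", r"c:\program files")


def parse_combofix(text: str) -> Dict[str, list]:
    """Split Run values, dword values, services and DPF entries into dicts."""
    out: Dict[str, list] = {"run": [], "dword": [], "services": [], "dpf": []}
    key = ""  # registry key the following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := RUN_RE.match(line):
            name, path, date, size = m.groups()
            out["run"].append({"key": key, "name": name, "path": path,
                               "date": date, "size": int(size)})
        elif m := DWORD_RE.match(line):
            name, val = m.groups()
            out["dword"].append({"key": key, "name": name, "value": int(val, 16)})
        elif m := SVC_RE.match(line):
            start, svc, display, path, meta = m.groups()
            out["services"].append({"start": start, "name": svc, "display": display,
                                    "path": path, "meta": meta})
        elif m := DPF_RE.match(line):
            clsid, url = m.groups()
            out["dpf"].append({"clsid": clsid, "url": url})
    return out


def triage(parsed: Dict[str, list]) -> List[str]:
    """One finding per item a reviewer should verify by hand."""
    findings: List[str] = []
    for entry in parsed["run"]:
        path = entry["path"].lower()
        if "\\" not in path:
            # No directory component: resolved via the PATH search order at
            # logon, so whichever same-named file is found first gets run.
            findings.append(f"bare filename in {entry['name']}: {entry['path']}")
        elif not path.startswith(EXPECTED_ROOTS):
            findings.append(f"unusual location for {entry['name']}: {entry['path']}")
    for entry in parsed["dword"]:
        if entry["name"].lower() == "antispywaredisablenotify" and entry["value"] == 1:
            findings.append("Security Center anti-spyware notifications are disabled")
    for entry in parsed["dpf"]:
        # DPF entries are ActiveX controls fetched from the web; ComboFix
        # defangs the scheme as hxxp. Report the host so it can be vetted.
        host = entry["url"].split("://", 1)[1].split("/", 1)[0]
        findings.append(f"ActiveX download point {entry['clsid']} from host {host}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports the three bare-filename Run values, the `c:\acer` entry, the disabled Security Center notification and the `foto.hema.nl` ActiveX host; the ESET entries and `ehTray` pass silently. Extending it to the `HKEY_CURRENT_USER` and `HKEY_USERS\.DEFAULT` Run keys needs no change, since the key line is tracked per block.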

This topic is now closed to new replies.
