Traag laden (soms) van internet pagina's

kape · 26 januari 2012

Prima, dit is een volledige versie ;-)

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\ntDefender.exe

Folder::

c:\documents and settings\Dennis\Application Data\searchquband

c:\documents and settings\Dennis\AppData

Driver::

brmjvbkn

Firefox::

FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Der · 26 januari 2012

Tekst opgeslagen

hoe het bestand in combofix te krijgen ?

Map op c schijf genaamd combofix lijkt leeg te zijn heeft het zich ergens anders geinstaleerd

kape · 26 januari 2012

Heb je nog een rode snelkoppeling van Combofix op je bureaublad staan ? Zo ja, sleep dan het bestandje CFScript.txt - dat ook op je bureaublad aanwezig moet zijn - in deze snelkoppeling. En dan zou Combofix opnieuw moeten opstarten om de verbeteringen aan te brengen.

Der · 26 januari 2012

ComboFix 12-01-26.01 - Dennis 26-01-2012 15:15:15.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1977.1161 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Dennis\Mijn documenten\Downloads\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-26 to 2012-01-26 ))))))))))))))))))))))))))))))

.

2012-01-25 23:13 . 2012-01-25 23:13 388096 ----a-r- c:\documents and settings\Dennis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-25 23:13 . 2012-01-25 23:13 -------- d-----w- c:\program files\Trend Micro

2012-01-24 18:15 . 2012-01-25 16:38 -------- d-----w- c:\program files\Speccy

2012-01-24 16:53 . 2012-01-24 16:53 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-01-04 18:21 . 2012-01-04 18:21 -------- d-----w- c:\documents and settings\Dennis\AppData

2012-01-04 18:21 . 2012-01-04 18:21 -------- d-----w- c:\documents and settings\Dennis\Application Data\searchquband

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:22 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:22 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-10 04:54 . 2011-01-24 08:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27 . 2009-04-03 16:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 15:29 . 2008-04-15 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:29 . 2008-04-15 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2001-01-26 22:37 . 2009-05-23 08:23 172605 ----a-w- c:\program files\mproxy12.exe

2012-01-24 16:53 . 2012-01-21 22:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-05-31 14:25 179201 --sh--r- c:\windows\system32\ntDefender.exe

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-02-07 13:55 . B8C5DB62C058D42FA711996A493C96D6 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2010-02-07 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"dleemon.exe"="c:\program files\Dell V715w\dleemon.exe" [2011-01-23 770728]

"EzPrint"="c:\program files\Dell V715w\ezprint.exe" [2011-01-23 139944]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\mcafee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dleecoms.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=

.

R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 8:22 14208]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15-6-2011 16:33 249648]

R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]

R3 cpuz135;cpuz135;\??\c:\docume~1\Dennis\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\Dennis\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3-4-2009 12:07 108032]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3-4-2009 12:00 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3-4-2009 12:00 43608]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 brmjvbkn;IP Traffic Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [15-4-2008 13:00 14336]

S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [16-10-2011 21:35 193192]

S2 srsfah;srsfah;c:\program files\Simlock Remote Client\Fah\fah.exe [18-9-2010 16:22 422400]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7-7-2011 18:31 195336]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 13:49 227232]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [14-8-2009 14:19 500736]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - CPUZ135

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - MBAMSwissArmy

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

brmjvbkn

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-26 c:\windows\Tasks\PCCT - MAGIX AG.job

- c:\progra~1\MAGIX\PC_CHE~1\MxTray.exe [2010-10-31 16:57]

.

2012-01-24 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-06-18 20:18]

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 127.0.0.1:8118

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Banner Maker Pro 6_is1 - c:\program files\Banner Maker Pro 6\unins000.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-26 15:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\netprovcredman.dll

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'explorer.exe'(5856)

c:\documents and settings\Dennis\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\webcheck.dll

.

Voltooingstijd: 2012-01-26 15:24:54

ComboFix-quarantined-files.txt 2012-01-26 14:24

ComboFix2.txt 2012-01-26 09:17

.

Pre-Run: 28.307.660.800 bytes beschikbaar

Post-Run: 28.345.536.512 bytes beschikbaar

.

- - End Of File - - E420F272152F5E68DEDEF5088B690744

kape · 26 januari 2012

Dit is niet helemaal goed verlopen. Hier is Combofix weer gewoon opgestart, maar niet via het scriptje. Wil je nog eens een poging doen om via slepen het script IN de snelkoppeling te krijgen. Dan pas kunnen de verbeteringen uitgevoerd worden.

Der · 26 januari 2012

De computer is opnieuw opgestart.

site zoals Telegraaf.nl laadt nog steeds ultra langzaam en na een paar x refreshen gaat hij verder.

Andere laptop ook draadloos ernaast gezet geen enkle probleem !

Hieronder een nieuwe log.

ps

alvast bedankt voor de moeite die je hier in steekt

ComboFix 12-01-26.01 - Dennis 26-01-2012 16:49:05.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1977.1156 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Dennis\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Dennis\Mijn documenten\Downloads\cfscript.txt

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

FILE ::

"c:\windows\system32\ntDefender.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Dennis\AppData

c:\documents and settings\Dennis\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}

c:\documents and settings\Dennis\Application Data\searchquband

c:\windows\system32\ntDefender.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BRMJVBKN

-------\Service_brmjvbkn