
Web pages (sometimes) load slowly



Great, this is a complete version ;-)

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\ntDefender.exe

Folder::

c:\documents and settings\Dennis\Application Data\searchquband

c:\documents and settings\Dennis\AppData

Driver::

brmjvbkn

Firefox::

FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

Save this file on your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


Do you still have a red ComboFix shortcut on your desktop? If so, drag the CFScript.txt file, which should also be on your desktop, into that shortcut. ComboFix should then start again to apply the fixes.


ComboFix 12-01-26.01 - Dennis 26-01-2012 15:15:15.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1977.1161 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Dennis\Mijn documenten\Downloads\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-26 to 2012-01-26 ))))))))))))))))))))))))))))))

.

.

2012-01-25 23:13 . 2012-01-25 23:13 388096 ----a-r- c:\documents and settings\Dennis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-25 23:13 . 2012-01-25 23:13 -------- d-----w- c:\program files\Trend Micro

2012-01-24 18:15 . 2012-01-25 16:38 -------- d-----w- c:\program files\Speccy

2012-01-24 16:53 . 2012-01-24 16:53 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-01-04 18:21 . 2012-01-04 18:21 -------- d-----w- c:\documents and settings\Dennis\AppData

2012-01-04 18:21 . 2012-01-04 18:21 -------- d-----w- c:\documents and settings\Dennis\Application Data\searchquband

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:22 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:22 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-10 04:54 . 2011-01-24 08:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27 . 2009-04-03 16:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 15:29 . 2008-04-15 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:29 . 2008-04-15 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2001-01-26 22:37 . 2009-05-23 08:23 172605 ----a-w- c:\program files\mproxy12.exe

2012-01-24 16:53 . 2012-01-21 22:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-05-31 14:25 179201 --sh--r- c:\windows\system32\ntDefender.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-02-07 13:55 . B8C5DB62C058D42FA711996A493C96D6 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2010-02-07 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"dleemon.exe"="c:\program files\Dell V715w\dleemon.exe" [2011-01-23 770728]

"EzPrint"="c:\program files\Dell V715w\ezprint.exe" [2011-01-23 139944]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\mcafee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dleecoms.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=

.

R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 8:22 14208]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15-6-2011 16:33 249648]

R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]

R3 cpuz135;cpuz135;\??\c:\docume~1\Dennis\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\Dennis\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3-4-2009 12:07 108032]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3-4-2009 12:00 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3-4-2009 12:00 43608]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 brmjvbkn;IP Traffic Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [15-4-2008 13:00 14336]

S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [16-10-2011 21:35 193192]

S2 srsfah;srsfah;c:\program files\Simlock Remote Client\Fah\fah.exe [18-9-2010 16:22 422400]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7-7-2011 18:31 195336]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 13:49 227232]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [14-8-2009 14:19 500736]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - CPUZ135

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - MBAMSwissArmy

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

brmjvbkn

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-26 c:\windows\Tasks\PCCT - MAGIX AG.job

- c:\progra~1\MAGIX\PC_CHE~1\MxTray.exe [2010-10-31 16:57]

.

2012-01-24 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-06-18 20:18]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 127.0.0.1:8118

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Banner Maker Pro 6_is1 - c:\program files\Banner Maker Pro 6\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-26 15:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\netprovcredman.dll

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'explorer.exe'(5856)

c:\documents and settings\Dennis\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\webcheck.dll

.

Voltooingstijd: 2012-01-26 15:24:54

ComboFix-quarantined-files.txt 2012-01-26 14:24

ComboFix2.txt 2012-01-26 09:17

.

Pre-Run: 28.307.660.800 bytes beschikbaar

Post-Run: 28.345.536.512 bytes beschikbaar

.

- - End Of File - - E420F272152F5E68DEDEF5088B690744


This did not go entirely right. ComboFix simply started again here, but not via the script. Could you try once more to drag the script INTO the shortcut? Only then can the fixes be applied.


The computer has been restarted.

A site such as Telegraaf.nl still loads extremely slowly, and after refreshing a few times it continues.

Another laptop placed next to it, also on wireless, has no problem at all!

Below is a new log.

PS

Thanks in advance for the effort you are putting into this.

ComboFix 12-01-26.01 - Dennis 26-01-2012 16:49:05.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1977.1156 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Dennis\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Dennis\Mijn documenten\Downloads\cfscript.txt

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

FILE ::

"c:\windows\system32\ntDefender.exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Dennis\AppData

c:\documents and settings\Dennis\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}

c:\documents and settings\Dennis\Application Data\searchquband

c:\windows\system32\ntDefender.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BRMJVBKN

-------\Service_brmjvbkn

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-26 to 2012-01-26 ))))))))))))))))))))))))))))))

.

.

2012-01-25 23:13 . 2012-01-25 23:13 388096 ----a-r- c:\documents and settings\Dennis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-25 23:13 . 2012-01-25 23:13 -------- d-----w- c:\program files\Trend Micro

2012-01-24 18:15 . 2012-01-25 16:38 -------- d-----w- c:\program files\Speccy

2012-01-24 16:53 . 2012-01-24 16:53 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:22 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:22 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-10 04:54 . 2011-01-24 08:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27 . 2009-04-03 16:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 15:29 . 2008-04-15 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:29 . 2008-04-15 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2001-01-26 22:37 . 2009-05-23 08:23 172605 ----a-w- c:\program files\mproxy12.exe

2012-01-24 16:53 . 2012-01-21 22:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-02-07 13:55 . B8C5DB62C058D42FA711996A493C96D6 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2010-02-07 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys

.

((((((((((((((((((((((((((((( SnapShot@2012-01-26_09.16.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-26 16:05 . 2012-01-26 16:05 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"dleemon.exe"="c:\program files\Dell V715w\dleemon.exe" [2011-01-23 770728]

"EzPrint"="c:\program files\Dell V715w\ezprint.exe" [2011-01-23 139944]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\mcafee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dleecoms.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=

.

R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 8:22 14208]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15-6-2011 16:33 249648]

R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]

R2 srsfah;srsfah;c:\program files\Simlock Remote Client\Fah\fah.exe [18-9-2010 16:22 422400]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3-4-2009 12:07 108032]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3-4-2009 12:00 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3-4-2009 12:00 43608]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [16-10-2011 21:35 193192]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7-7-2011 18:31 195336]

S3 cpuz135;cpuz135;\??\c:\docume~1\Dennis\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\Dennis\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 13:49 227232]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [14-8-2009 14:19 500736]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - cpuz132

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-26 c:\windows\Tasks\PCCT - MAGIX AG.job

- c:\progra~1\MAGIX\PC_CHE~1\MxTray.exe [2010-10-31 16:57]

.

2012-01-26 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-06-18 20:18]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 127.0.0.1:8118

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\

FF - prefs.js: browser.search.selectedEngine - Google

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-26 17:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2420)

c:\documents and settings\Dennis\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

c:\windows\system32\webcheck.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\dleecoms.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\simlock remote client\fah\FahCore_a4.exe

c:\windows\system32\wscntfy.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-26 17:15:05 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-26 16:15

ComboFix2.txt 2012-01-26 14:24

ComboFix3.txt 2012-01-26 09:17

.

Pre-Run: 27.996.737.536 bytes beschikbaar

Post-Run: 28.160.581.632 bytes beschikbaar

.

- - End Of File - - 4E40C98828C908D04435569ED7D37782


This looks clean. Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

• Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".

• Now click "Emergency Kit Scanner". You will get a message that updating first is recommended; allow this by clicking "Ja" (Yes).

• When the update is finished and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".

• Select the "Diep" (Deep) option if it is not already set by default.

• Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take a considerable time, so wait patiently.

• You can close the window with the warning about an increased risk once the scan is finished.

Note:

If you see this message:

C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

When the file appears in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)" (submit as false alarm).

• Make sure all found items are ticked and then press the "verwijder geselecteerde" (remove selected) button. You will now get the following message, but click "Ja" (Yes) here.

When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt

• Post the contents of this LOG file in your next message.

• Now restart the computer.


Emsisoft Emergency Kit - Versie 1.0

Laatste Update: 26-1-2012 21:11:47

Scaninstellingen:

Scantype: Diepe Scan

Objecten: Geheugen, Sporen, Cookies, C:\

Scan archieven: Aan

Heuristieken: Uit

ADS Scan: Aan

Scan gestart: 26-1-2012 21:13:03

Key: HKEY_CURRENT_USER\software\ThankSoft Ontdekt: Trace.Registry.MaskSurf!A2

Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems Ontdekt: Trace.Registry.Trymedia!A2

Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems\ActiveMARK Software Ontdekt: Trace.Registry.Trymedia!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:1060 Ontdekt: Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:1166 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:3998 Ontdekt: Trace.TrackingCookie.ad.zanox.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5565 Ontdekt: Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5566 Ontdekt: Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5567 Ontdekt: Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5569 Ontdekt: Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5570 Ontdekt: Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5571 Ontdekt: Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Mijn documenten\UseNeXT\alt.binaries.b4e\Frostwire\googleearthprodec0depatch.exe Ontdekt: Trojan.Win32.Patcher.AMN!A2

C:\Documents and Settings\Dennis\Mijn documenten\UseNeXT\wizard\Nero 9.2.5.0+Keygen[h33t]MasterUploader\Keygen\nero9 keygen STR!D3R.exe Ontdekt: Riskware.Keygen.Nero!IK

C:\Program Files\Google\Google Earth Pro\googleearthprodec0depatch.exe Ontdekt: Trojan.Win32.Patcher.AMN!A2

C:\Program Files\HijackThis\backups\backup-20120126-000712-808.dll Ontdekt: Trojan.Win32.Toolbar.SearchSuite.AMN!A2

C:\Program Files\Shockwave.com\Super Collapse! II\product\Relapse.exe Ontdekt: Backdoor.Win32.VB.mly!A2

C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Ontdekt: Trojan.Win32.Toolbar.SearchSuite.AMN!A2

C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Ontdekt: Trojan.Win32.Toolbar.SearchSuite.AMN!A2

C:\Program Files\winzip\WinZip_Pro_12.0.8252\WinZip Pro 12.0.8252\Keygen\keygen.exe Ontdekt: Riskware.Keygen.WinZIP!IK

C:\Program Files\Zylom Games\Super Collapse! Puzzle Gallery 5 Deluxe\supercollapsepuzzlegallery5.exe Ontdekt: AdWare.SuspectCRC!IK

C:\Qoobox\Quarantine\C\WINDOWS\system32\ntDefender.exe.vir Ontdekt: Trojan.Win32.SuspectCRC!IK

C:\System Volume Information\_restore{FB680ACD-4DB6-449F-8F17-D44ACAB9732A}\RP610\A0086822.exe Ontdekt: Trojan.Win32.SuspectCRC!IK

Gescand

Bestanden: 358314

Sporen: 404020

Cookies: 1035

Processen: 58

Gevonden

Bestanden: 11

Sporen: 3

Cookies: 10

Processen: 0

Registersleutels: 0

Scan Geëindigd: 27-1-2012 0:13:32

Scantijd: 3:00:29

C:\Qoobox\Quarantine\C\WINDOWS\system32\ntDefender.exe.vir Verwijderd Trojan.Win32.SuspectCRC!IK

C:\System Volume Information\_restore{FB680ACD-4DB6-449F-8F17-D44ACAB9732A}\RP610\A0086822.exe Verwijderd Trojan.Win32.SuspectCRC!IK

C:\Program Files\Zylom Games\Super Collapse! Puzzle Gallery 5 Deluxe\supercollapsepuzzlegallery5.exe Verwijderd AdWare.SuspectCRC!IK

C:\Program Files\winzip\WinZip_Pro_12.0.8252\WinZip Pro 12.0.8252\Keygen\keygen.exe Verwijderd Riskware.Keygen.WinZIP!IK

C:\Program Files\Shockwave.com\Super Collapse! II\product\Relapse.exe Verwijderd Backdoor.Win32.VB.mly!A2

C:\Program Files\HijackThis\backups\backup-20120126-000712-808.dll Verwijderd Trojan.Win32.Toolbar.SearchSuite.AMN!A2

C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Verwijderd Trojan.Win32.Toolbar.SearchSuite.AMN!A2

C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Verwijderd Trojan.Win32.Toolbar.SearchSuite.AMN!A2

C:\Documents and Settings\Dennis\Mijn documenten\UseNeXT\wizard\Nero 9.2.5.0+Keygen[h33t]MasterUploader\Keygen\nero9 keygen STR!D3R.exe Verwijderd Riskware.Keygen.Nero!IK

C:\Documents and Settings\Dennis\Mijn documenten\UseNeXT\alt.binaries.b4e\Frostwire\googleearthprodec0depatch.exe Verwijderd Trojan.Win32.Patcher.AMN!A2

C:\Program Files\Google\Google Earth Pro\googleearthprodec0depatch.exe Verwijderd Trojan.Win32.Patcher.AMN!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5565 Verwijderd Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5566 Verwijderd Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5567 Verwijderd Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5569 Verwijderd Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5570 Verwijderd Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:5571 Verwijderd Trace.TrackingCookie.zedo.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:3998 Verwijderd Trace.TrackingCookie.ad.zanox.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:1166 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\cookies.sqlite:1060 Verwijderd Trace.TrackingCookie.adserv!A2

Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems Verwijderd Trace.Registry.Trymedia!A2

Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems\ActiveMARK Software Verwijderd Trace.Registry.Trymedia!A2

Key: HKEY_CURRENT_USER\software\ThankSoft Verwijderd Trace.Registry.MaskSurf!A2

Verwijderd

Bestanden: 11

Sporen: 3

Cookies: 9
