
Computer has become very slow


stoffe


Hello,

Until two weeks ago I had no problems at all with my PC. Now I notice that it keeps getting slower.

On the one hand it takes a long time before an internet link opens; on the other hand typing is also very slow (when I press a key, it takes almost a second before the letter/digit appears on the screen).

I don't know much about this, but apparently you usually ask for a HijackThis file:


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:42:27, on 18/02/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

c:\windows\system32\smss.exe

c:\progra~1\avg\avg10\avgchsvx.exe

c:\windows\system32\winlogon.exe

c:\windows\system32\services.exe

c:\windows\system32\lsass.exe

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe

c:\windows\system32\spoolsv.exe

c:\program files\avg\avg10\avgfws.exe

c:\program files\avg\avg10\avgwdsvc.exe

c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

c:\program files\common files\lightscribe\lssrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\hpzipm12.exe

c:\program files\tuneup utilities 2012\tuneuputilitiesservice32.exe

c:\program files\avg\avg10\avgam.exe

c:\program files\avg\avg10\avgnsx.exe

c:\program files\avg\avg10\avgemcx.exe

c:\windows\explorer.exe

c:\windows\rthdcpl.exe

c:\program files\avg\avg10\avgtray.exe

c:\windows\system32\ctfmon.exe

c:\program files\avg\avg10\identity protection\agent\bin\avgidsmonitor.exe

c:\program files\outlook express\msimn.exe

c:\program files\avg\avg10\avgcsrvx.exe

c:\program files\internet explorer\iexplore.exe

c:\windows\system32\svchost.exe

c:\progra~1\avg\avg10\avgrsx.exe

c:\program files\avg\avg10\avgcsrvx.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\trend micro\hijackthis\hijackthis.exe

c:\windows\system32\msiexec.exe

c:\program files\internet explorer\iexplore.exe

c:\program files\microsoft office\office11\winword.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.tijd.be/

r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157

r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896

r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896

r0 - hklm\software\microsoft\internet explorer\main,start page = http://startsear.ch/?aff=2&cf=0264c94c-299a-11e1-b2b5-00508d9191d1

r0 - hklm\software\microsoft\internet explorer\search,searchassistant =

r0 - hklm\software\microsoft\internet explorer\search,customizesearch =

r1 - hkcu\software\microsoft\internet connection wizard,shellnext = http://go.microsoft.com/fwlink/?linkid=74005

r1 - hkcu\software\microsoft\internet explorer\main,window title = internet explorer

o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll

o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll

o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

o2 - bho: java plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll

o3 - toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

o4 - hklm\..\run: [rthdcpl] rthdcpl.exe

o4 - hklm\..\run: [alcmtr] alcmtr.exe

o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe

o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime

o4 - hklm\..\run: [avg_tray] c:\program files\avg\avg10\avgtray.exe

o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup

o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe

o4 - hkcu\..\run: [google update] c:\documents and settings\kristof\local settings\application data\google\update\googleupdate.exe /c

o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')

o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')

o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')

o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')

o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll

o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe

o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe

o10 - unknown file in winsock lsp: c:\windows\system32\nwprovau.dll

o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg10\avgpp.dll

o20 - appinit_dlls:

o22 - sharedtaskscheduler: preloader van browseui - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll

o22 - sharedtaskscheduler: cache-daemon voor onderdeelcategorieën - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll

o23 - service: avg firewall (avgfws) - avg technologies cz, s.r.o. - c:\program files\avg\avg10\avgfws.exe

o23 - service: avgidsagent - avg technologies cz, s.r.o. - c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe

o23 - service: avg watchdog (avgwd) - avg technologies cz, s.r.o. - c:\program files\avg\avg10\avgwdsvc.exe

o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe

o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files\google\update\googleupdate.exe

o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe

o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe

o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe

o23 - service: pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe

o23 - service: tuneup utilities service (tuneup.utilitiessvc) - tuneup software - c:\program files\tuneup utilities 2012\tuneuputilitiesservice32.exe

--

end of file - 6707 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

r0 - hklm\software\microsoft\internet explorer\main,start page = SearchCompletion Search

r0 - hklm\software\microsoft\internet explorer\search,searchassistant =

r0 - hklm\software\microsoft\internet explorer\search,customizesearch =

r1 - hkcu\software\microsoft\internet connection wizard,shellnext = Customize Your Settings

o3 - toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

o4 - hklm\..\run: [alcmtr] alcmtr.exe

o20 - appinit_dlls:

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.

P.S.: you do not need to run your new log through another forum's colour generator. That is a useless gimmick and a worthless extra step. Just post your log in the form HijackThis produces it.


Thanks for your quick reply.

I did as indicated above. The only thing I did not have to do after the MBAM scan was restart.

Here are the requested log files:

Hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:04:31, on 22/02/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Uninstallation survey | AVG Nederland

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--

End of file - 6777 bytes

MBAM

Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000

www.malwarebytes.org

Databaseversie: v2012.02.22.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Kristof :: DESKTOP [administrator]

Realtime bescherming: Ingeschakeld

22/02/2012 20:22:26

mbam-log-2012-02-22 (20-22-26).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 402413

Verstreken tijd: 36 minuut/minuten, 58 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 19

HKCR\AppID\{E81CF86B-F683-422A-B742-3F2427EA9D6A} (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{86C510E9-97EF-4749-914F-0280247BE3A6} (Adware.WebDir) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75} (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 2

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Slecht: (SearchCompletion Search) Goed: (Google) -> Succesvol in quarantaine geplaatst en gerepareerd.

Mappen gedetecteerd: 1

C:\Documents and Settings\Kids\M-1-52-5782-8754-5245 (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 3

C:\Documents and Settings\Administrator.INDEPEND-M26V8H\Desktop\spywarescanner.lnk (Rogue.AntiSpyware) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\WINDOWS\system32\QFPRED6R.exe.a_a (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\WINDOWS\system32\s86ha43k.exe.a_a (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

I would appreciate your expert advice ...

Regards,

Kristof


The speed of my PC has not really improved.

It still takes about two minutes before my desktop appears after booting.

And programs also respond very slowly. E.g. starting Outlook Express just now took almost a minute before the program was open and all mail (16 items) had been fetched, opening a small Excel file takes about 30 seconds, and clicking an internet link in an e-mail takes about 30 seconds before the internet opens.


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the on-screen prompts.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the on-screen prompts to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


Hello

I ran ComboFix. This is the log file:

ComboFix 12-02-27.02 - Kristof 28/02/2012 18:41:07.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2047.1222 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Kristof\Bureaublad\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\Kids\Application Data\PriceGong

c:\documents and settings\Kids\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Kids\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Kids\WINDOWS

c:\documents and settings\Kristof\Application Data\PriceGong

c:\documents and settings\Kristof\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Kristof\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Kristof\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Kristof\setup_SSDGPI_Fotoservice.exe

c:\documents and settings\Kristof\WINDOWS

c:\documents and settings\Sybille\Application Data\PriceGong

c:\documents and settings\Sybille\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Sybille\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Sybille\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk

c:\program files\Internet Explorer\iexplore.exe.tmp

c:\program files\StartSearch plugin

c:\program files\StartSearch plugin\IEhelperActiveX.dll

c:\windows\IsUn0413.exe

c:\windows\unin0413.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SSHNAS

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-28 to 2012-02-28 ))))))))))))))))))))))))))))))

.

.

2012-02-28 11:50 . 2012-02-28 17:32 -------- d--h--r- c:\documents and settings\Kristof\Onlangs geopend

2012-02-27 20:06 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D056C57-FE43-492F-94B5-5B31F39377C1}\mpengine.dll

2012-02-26 13:58 . 2012-02-26 13:58 -------- d-----w- c:\documents and settings\Sybille\Application Data\OpenOffice.org

2012-02-24 14:07 . 2012-02-24 14:07 -------- d-----w- c:\documents and settings\Kids\Application Data\Systweak

2012-02-24 14:07 . 2012-02-10 10:37 17280 ----a-w- c:\windows\system32\roboot.exe

2012-02-24 14:06 . 2012-02-24 14:07 -------- d-----w- c:\program files\RegClean Pro

2012-02-23 19:26 . 2012-02-26 17:13 -------- d--h--r- c:\documents and settings\Sybille\Onlangs geopend

2012-02-22 19:20 . 2012-02-22 19:20 -------- d-----w- c:\documents and settings\Kristof\Application Data\Malwarebytes

2012-02-22 19:20 . 2012-02-22 19:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2012-02-22 19:20 . 2012-02-22 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-22 19:20 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-19 07:28 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-15 17:58 . 2012-02-15 17:58 -------- d--h--r- c:\documents and settings\Sybille en Kristof\Onlangs geopend

2012-01-31 18:03 . 2012-02-18 09:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10

2012-01-31 17:38 . 2012-01-31 17:38 -------- d-----w- c:\documents and settings\Kristof\Local Settings\Application Data\Ilivid Player

2012-01-31 17:36 . 2012-01-31 17:36 -------- d-----w- c:\program files\Windows iLivid Toolbar

2012-01-31 17:36 . 2012-01-31 17:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\boost_interprocess

2012-01-29 18:09 . 2012-01-31 18:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG2012

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-18 18:55 . 2010-04-22 17:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-18 04:39 . 2011-05-16 16:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 17:20 . 2006-03-02 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:42 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start Uninstallation survey | AVG Nederland" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Password.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Password.lnk

backup=c:\windows\pss\Password.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-09-27 04:37 136176 ----atw- c:\documents and settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-06-01 09:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-08-03 07:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Google Update"="c:\documents and settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"nwiz"=nwiz.exe /install

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\KetnetKick2\\Main.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\TuneUp Utilities 2012\\Integrator.exe"=

"c:\\Program Files\\TuneUp Utilities 2012\\UpdateWizard.exe"=

"c:\\Program Files\\TuneUp Utilities 2012\\OneClick.exe"=

"c:\\Program Files\\TuneUp Utilities 2012\\EnergyOptimizer.exe"=

"c:\\Program Files\\TuneUp Utilities 2012\\StartupOptimizer.exe"=

"c:\\Garmin\\Training Center.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8514:TCP"= 8514:TCP:BitComet 8514 TCP

"8514:UDP"= 8514:UDP:BitComet 8514 UDP

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/02/2012 20:20 652360]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [23/11/2011 14:15 1510720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/02/2012 20:20 20464]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29/01/2008 9:29 47360]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [31/10/2011 15:00 10064]

S1 MpKsld88a96a2;MpKsld88a96a2;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D056C57-FE43-492F-94B5-5B31F39377C1}\MpKsld88a96a2.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D056C57-FE43-492F-94B5-5B31F39377C1}\MpKsld88a96a2.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 11:37 135664]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 11:37 135664]

S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [25/12/2008 14:25 38656]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 10:36]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 10:36]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-839522115-1006Core.job

- c:\documents and settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-02 04:37]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-839522115-1006UA.job

- c:\documents and settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-02 04:37]

.

2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-839522115-1007Core.job

- c:\documents and settings\Kids\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 11:39]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-839522115-1007UA.job

- c:\documents and settings\Kids\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 11:39]

.

2012-02-26 c:\windows\Tasks\RegClean Pro_DEFAULT.job

- c:\program files\RegClean Pro\RegCleanPro.exe [2012-02-24 10:37]

.

2012-02-24 c:\windows\Tasks\RegClean Pro_UPDATES.job

- c:\program files\RegClean Pro\RegCleanPro.exe [2012-02-24 10:37]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.tijd.be/

mStart Page = hxxp://www.google.com

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

TCP: DhcpNameServer = 195.130.131.133 195.130.130.5

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe

MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-02-28 18:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1960408961-1659004503-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F77AC7CC-E924-F712-109E-38E37A9AEF80}*]

"jacfaeomacdikflapaee"=hex:62,61,6d,6f,00,00

"iackdlkjlmecjhbchm"=hex:6b,61,6e,6f,63,66,62,6a,6c,63,63,67,70,70,62,70,6d,6a,

67,67,64,6c,00,00

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'lsass.exe'(1408)

c:\windows\system32\nvappfilter.dll

.

- - - - - - - > 'explorer.exe'(3216)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Voltooingstijd: 2012-02-28 18:59:56 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-28 17:59

.

Pre-Run: 22.649.798.656 bytes beschikbaar

Post-Run: 23.188.336.640 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect /usepmtimer

.

- - End Of File - - BDED840C7F50DC01F122BC1464476CCC
