
Posted:

Done. That Babylon was indeed already annoying me; it installed itself last week together with something else.

ComboFix 12-06-13.05 - Jonas 14/06/2012 8:48.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2046.1651 [GMT 2:00]

Running from: c:\documents and settings\Jonas\Bureaublad\ComboFix.exe

Command switches used :: c:\documents and settings\Jonas\Bureaublad\cfscript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Jonas\Application Data\Babylon

c:\documents and settings\Jonas\Application Data\Babylon\log_file.txt

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NQOKLPNF

-------\Service_nqoklpnf

.

.

(((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))

.

.

2012-06-14 06:40 . 2012-06-14 06:41 -------- d--h--r- c:\documents and settings\Jonas\Onlangs geopend

2012-06-13 22:22 . 2012-06-13 22:23 -------- dc-h--w- c:\windows\ie8

2012-06-13 21:21 . 2012-05-08 07:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A45709E-7477-4A43-AB1C-085E5704FA14}\mpengine.dll

2012-06-12 06:16 . 2012-05-08 07:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-09 12:36 . 2012-06-09 12:36 -------- d-----w- c:\program files\Speccy

2012-06-06 19:14 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-06-06 19:08 . 2012-06-06 19:08 -------- d-----w- c:\documents and settings\Jonas\Local Settings\Application Data\PCHealth

2012-06-06 19:08 . 2012-06-06 19:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth

2012-06-06 19:08 . 2012-06-06 19:08 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-27 16:03 . 2012-05-27 16:03 237 ----a-w- C:\user.js

2012-05-27 16:03 . 2012-05-27 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2012-05-15 19:02 . 2012-05-15 19:03 -------- d-----w- c:\documents and settings\Jonas\Application Data\Ad-Aware Antivirus

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-03 19:43 . 2012-05-03 19:43 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-05-03 19:43 . 2012-05-03 19:43 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-03 19:43 . 2012-05-03 19:43 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-11 13:55 . 2008-04-14 22:11 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2008-04-15 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2008-04-15 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-04-04 13:56 . 2011-04-20 10:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot_2012-06-13_21.18.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-14 06:53 . 2012-06-14 06:53 16384 c:\windows\Temp\Perflib_Perfdata_bc.dat

- 2010-02-17 18:09 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe

+ 2010-02-17 18:09 . 2009-01-07 16:21 26144 c:\windows\system32\spupdsvc.exe

+ 2010-02-17 18:08 . 2009-01-07 16:21 18464 c:\windows\system32\spmsg.dll

- 2010-02-17 18:08 . 2009-01-07 17:21 18464 c:\windows\system32\spmsg.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 46592 c:\windows\system32\pngfilt.dll

+ 2009-01-07 17:20 . 2009-01-07 16:20 23552 c:\windows\system32\normaliz.dll

- 2009-01-07 17:20 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll

- 2009-01-07 17:20 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll

+ 2009-01-07 17:20 . 2009-01-07 16:20 24576 c:\windows\system32\nlsdl.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 48128 c:\windows\system32\mshtmler.dll

- 2008-04-15 12:00 . 2012-03-01 11:00 66560 c:\windows\system32\mshtmled.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 66560 c:\windows\system32\mshtmled.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 45568 c:\windows\system32\mshta.exe

- 2008-04-15 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe

+ 2009-03-08 02:31 . 2009-03-08 02:31 13312 c:\windows\system32\msfeedssync.exe

- 2009-03-08 03:31 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe

+ 2009-03-08 02:31 . 2009-03-08 02:31 55296 c:\windows\system32\msfeedsbs.dll

- 2009-03-08 03:31 . 2012-03-01 11:00 55296 c:\windows\system32\msfeedsbs.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 43008 c:\windows\system32\licmgr10.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 25600 c:\windows\system32\jsproxy.dll

- 2008-04-15 12:00 . 2012-03-01 11:00 25600 c:\windows\system32\jsproxy.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 94720 c:\windows\system32\inseng.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 34816 c:\windows\system32\imgutil.dll

- 2009-03-08 03:32 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe

+ 2009-03-08 03:32 . 2009-03-08 02:32 36864 c:\windows\system32\ieudinit.exe

+ 2008-04-15 12:00 . 2009-03-08 02:32 71680 c:\windows\system32\iesetup.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 55808 c:\windows\system32\iernonce.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll

- 2009-01-07 17:20 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll

+ 2009-01-07 17:20 . 2009-01-07 16:20 26112 c:\windows\system32\idndl.dll

+ 2009-03-08 02:31 . 2009-03-08 02:31 59904 c:\windows\system32\icardie.dll

- 2009-03-08 03:31 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 46592 c:\windows\system32\dllcache\pngfilt.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 48128 c:\windows\system32\dllcache\mshtmler.dll

- 2008-04-15 12:00 . 2012-03-01 11:00 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 45568 c:\windows\system32\dllcache\mshta.exe

- 2008-04-15 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe

+ 2008-04-15 12:00 . 2009-03-08 02:34 43008 c:\windows\system32\dllcache\licmgr10.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2008-04-15 12:00 . 2012-03-01 11:00 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 94720 c:\windows\system32\dllcache\inseng.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 34816 c:\windows\system32\dllcache\imgutil.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 71680 c:\windows\system32\dllcache\iesetup.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 55808 c:\windows\system32\dllcache\iernonce.dll

- 2008-11-26 15:11 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll

+ 2008-11-26 15:11 . 2009-03-08 02:24 68608 c:\windows\system32\dllcache\hmmapi.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 18944 c:\windows\system32\dllcache\corpol.dll

- 2008-04-15 12:00 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 18944 c:\windows\system32\corpol.dll

- 2008-04-15 12:00 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 72704 c:\windows\system32\admparse.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 37888 c:\windows\ie8\url.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 37888 c:\windows\ie8\url.dll

+ 2012-06-13 22:23 . 2009-03-08 14:32 58448 c:\windows\ie8\spuninst\iecustom.dll

- 2010-02-23 21:15 . 2009-03-08 15:32 58448 c:\windows\ie8\spuninst\iecustom.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 39424 c:\windows\ie8\pngfilt.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 39424 c:\windows\ie8\pngfilt.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 97280 c:\windows\ie8\occache.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 97280 c:\windows\ie8\occache.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 57344 c:\windows\ie8\mshtmler.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 57344 c:\windows\ie8\mshtmler.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 29184 c:\windows\ie8\mshta.exe

- 2010-02-23 21:14 . 2008-04-15 12:00 29184 c:\windows\ie8\mshta.exe

- 2010-02-23 21:14 . 2008-04-15 12:00 22016 c:\windows\ie8\licmgr10.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 22016 c:\windows\ie8\licmgr10.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 15872 c:\windows\ie8\jsproxy.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 15872 c:\windows\ie8\jsproxy.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 96768 c:\windows\ie8\inseng.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 96768 c:\windows\ie8\inseng.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 35840 c:\windows\ie8\imgutil.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 35840 c:\windows\ie8\imgutil.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 93184 c:\windows\ie8\iexplore.exe

+ 2012-06-13 22:22 . 2008-04-15 12:00 93184 c:\windows\ie8\iexplore.exe

+ 2012-06-13 22:22 . 2008-04-15 12:00 63488 c:\windows\ie8\iesetup.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 63488 c:\windows\ie8\iesetup.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 48640 c:\windows\ie8\iernonce.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 48640 c:\windows\ie8\iernonce.dll

- 2010-02-23 21:14 . 2009-12-22 05:20 81920 c:\windows\ie8\ieencode.dll

+ 2012-06-13 22:22 . 2009-12-22 05:20 81920 c:\windows\ie8\ieencode.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 34304 c:\windows\ie8\ie4uinit.exe

- 2010-02-23 21:14 . 2008-04-15 12:00 34304 c:\windows\ie8\ie4uinit.exe

+ 2012-06-13 22:22 . 2008-04-15 12:00 38912 c:\windows\ie8\hmmapi.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 38912 c:\windows\ie8\hmmapi.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 35328 c:\windows\ie8\corpol.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 35328 c:\windows\ie8\corpol.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 61440 c:\windows\ie8\admparse.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 61440 c:\windows\ie8\admparse.dll

- 2008-04-15 12:00 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll

+ 2008-04-15 12:00 . 2009-01-07 16:21 121856 c:\windows\system32\xmllite.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 914944 c:\windows\system32\wininet.dll

+ 2009-03-08 02:34 . 2009-03-08 02:34 208384 c:\windows\system32\WinFXDocObj.exe

- 2009-03-08 03:34 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe

- 2008-04-15 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 236544 c:\windows\system32\webcheck.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 420352 c:\windows\system32\vbscript.dll

- 2008-04-15 12:00 . 2012-03-01 11:00 105984 c:\windows\system32\url.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\url.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 109568 c:\windows\system32\occache.dll

- 2008-04-15 12:00 . 2012-03-01 11:00 611840 c:\windows\system32\mstime.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 611840 c:\windows\system32\mstime.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 193536 c:\windows\system32\msrating.dll

- 2008-04-15 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll

+ 2008-04-15 12:00 . 2009-03-08 02:22 156160 c:\windows\system32\msls31.dll

- 2008-04-15 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll

+ 2009-03-08 02:32 . 2009-03-08 02:32 594432 c:\windows\system32\msfeeds.dll

- 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll

+ 2009-01-07 17:20 . 2009-01-07 16:20 265720 c:\windows\system32\msdbg2.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 726528 c:\windows\system32\jscript.dll

- 2008-04-15 12:00 . 2011-03-04 06:36 726528 c:\windows\system32\jscript.dll

+ 2009-03-08 02:22 . 2009-03-08 02:22 164352 c:\windows\system32\ieui.dll

- 2009-03-08 03:22 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 183808 c:\windows\system32\iepeers.dll

+ 2008-04-15 12:00 . 2009-03-08 12:09 391536 c:\windows\system32\iedkcs32.dll

- 2009-03-08 03:11 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll

+ 2009-03-08 02:11 . 2009-03-08 02:11 445952 c:\windows\system32\ieapfltr.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 163840 c:\windows\system32\ieakui.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll

- 2008-04-15 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 229376 c:\windows\system32\ieaksie.dll

- 2008-04-15 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 125952 c:\windows\system32\ieakeng.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 173056 c:\windows\system32\ie4uinit.exe

+ 2008-04-15 12:00 . 2009-03-08 02:31 216064 c:\windows\system32\dxtrans.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 348160 c:\windows\system32\dxtmsft.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 914944 c:\windows\system32\dllcache\wininet.dll

- 2008-04-15 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 236544 c:\windows\system32\dllcache\webcheck.dll

+ 2008-11-26 15:11 . 2009-03-08 02:33 759296 c:\windows\system32\dllcache\VGX.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 420352 c:\windows\system32\dllcache\vbscript.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll

- 2008-04-15 12:00 . 2012-03-01 11:00 105984 c:\windows\system32\dllcache\url.dll

+ 2009-01-07 16:20 . 2009-01-07 16:20 134144 c:\windows\system32\dllcache\sqmapi.dll

- 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 109568 c:\windows\system32\dllcache\occache.dll

- 2008-04-15 12:00 . 2012-03-01 11:00 611840 c:\windows\system32\dllcache\mstime.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 611840 c:\windows\system32\dllcache\mstime.dll

- 2008-04-15 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 193536 c:\windows\system32\dllcache\msrating.dll

- 2008-04-15 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll

+ 2008-04-15 12:00 . 2009-03-08 02:22 156160 c:\windows\system32\dllcache\msls31.dll

- 2008-04-15 12:00 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 726528 c:\windows\system32\dllcache\jscript.dll

+ 2008-11-26 15:11 . 2009-03-08 12:09 638816 c:\windows\system32\dllcache\iexplore.exe

- 2008-11-26 15:11 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe

+ 2008-04-15 12:00 . 2009-03-08 02:31 183808 c:\windows\system32\dllcache\iepeers.dll

+ 2008-04-15 12:00 . 2009-03-08 12:09 391536 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 163840 c:\windows\system32\dllcache\ieakui.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 229376 c:\windows\system32\dllcache\ieaksie.dll

- 2008-04-15 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll

+ 2008-04-15 12:00 . 2009-03-08 02:33 125952 c:\windows\system32\dllcache\ieakeng.dll

- 2008-04-15 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-04-15 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 216064 c:\windows\system32\dllcache\dxtrans.dll

+ 2008-04-15 12:00 . 2009-03-08 02:31 348160 c:\windows\system32\dllcache\dxtmsft.dll

- 2008-04-15 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll

- 2008-04-15 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll

+ 2008-04-15 12:00 . 2009-03-08 02:32 128512 c:\windows\system32\advpack.dll

- 2010-02-23 21:14 . 2009-12-22 05:21 670208 c:\windows\ie8\wininet.dll

+ 2012-06-13 22:22 . 2009-12-22 05:21 670208 c:\windows\ie8\wininet.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 279552 c:\windows\ie8\webcheck.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 279552 c:\windows\ie8\webcheck.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 851968 c:\windows\ie8\vgx.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 851968 c:\windows\ie8\vgx.dll

- 2010-02-23 21:14 . 2008-05-09 10:56 430080 c:\windows\ie8\vbscript.dll

+ 2012-06-13 22:22 . 2008-05-09 10:56 430080 c:\windows\ie8\vbscript.dll

- 2010-02-23 21:14 . 2009-12-22 05:21 628224 c:\windows\ie8\urlmon.dll

+ 2012-06-13 22:22 . 2009-12-22 05:21 628224 c:\windows\ie8\urlmon.dll

+ 2012-06-13 22:23 . 2009-01-07 16:21 400928 c:\windows\ie8\spuninst\updspapi.dll

- 2010-02-23 21:15 . 2009-01-07 17:21 400928 c:\windows\ie8\spuninst\updspapi.dll

+ 2012-06-13 22:23 . 2009-01-07 16:21 235040 c:\windows\ie8\spuninst\spuninst.exe

- 2010-02-23 21:15 . 2009-01-07 17:21 235040 c:\windows\ie8\spuninst\spuninst.exe

+ 2012-06-13 22:22 . 2008-04-15 12:00 532480 c:\windows\ie8\mstime.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 532480 c:\windows\ie8\mstime.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 146432 c:\windows\ie8\msrating.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 146432 c:\windows\ie8\msrating.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 146432 c:\windows\ie8\msls31.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 146432 c:\windows\ie8\msls31.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 449024 c:\windows\ie8\mshtmled.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 449024 c:\windows\ie8\mshtmled.dll

- 2010-02-23 21:14 . 2009-08-13 15:24 512000 c:\windows\ie8\jscript.dll

+ 2012-06-13 22:22 . 2009-08-13 15:24 512000 c:\windows\ie8\jscript.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 251904 c:\windows\ie8\iepeers.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 251904 c:\windows\ie8\iepeers.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 323584 c:\windows\ie8\iedkcs32.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 323584 c:\windows\ie8\iedkcs32.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 237568 c:\windows\ie8\ieakui.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 237568 c:\windows\ie8\ieakui.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 220160 c:\windows\ie8\ieaksie.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 220160 c:\windows\ie8\ieaksie.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 143360 c:\windows\ie8\ieakeng.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 143360 c:\windows\ie8\ieakeng.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 205312 c:\windows\ie8\dxtrans.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 205312 c:\windows\ie8\dxtrans.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 357888 c:\windows\ie8\dxtmsft.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 357888 c:\windows\ie8\dxtmsft.dll

+ 2012-06-13 22:22 . 2008-04-15 12:00 100864 c:\windows\ie8\advpack.dll

- 2010-02-23 21:14 . 2008-04-15 12:00 100864 c:\windows\ie8\advpack.dll

+ 2008-04-15 12:00 . 2009-03-08 02:34 1206784 c:\windows\system32\urlmon.dll

+ 2008-04-15 12:00 . 2009-03-08 02:41 5937152 c:\windows\system32\mshtml.dll

+ 2009-03-08 02:32 . 2009-03-08 02:32 1985024 c:\windows\system32\iertutil.dll

- 2009-02-06 20:07 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat

+ 2009-02-06 19:07 . 2009-02-06 19:07 3698584 c:\windows\system32\ieapfltr.dat

+ 2008-04-15 12:00 . 2009-03-08 02:34 1206784 c:\windows\system32\dllcache\urlmon.dll

+ 2008-04-15 12:00 . 2009-03-08 02:41 5937152 c:\windows\system32\dllcache\mshtml.dll

+ 2012-06-13 22:22 . 2009-12-22 05:21 3092480 c:\windows\ie8\mshtml.dll

- 2010-02-23 21:14 . 2009-12-22 05:21 3092480 c:\windows\ie8\mshtml.dll

+ 2009-03-08 02:39 . 2009-03-08 02:39 11063808 c:\windows\system32\ieframe.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-4-17 2326528]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mnyfunua.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Jonas^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]

path=c:\documents and settings\Jonas\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-07-16 15:57 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 14:13 38144]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 11:18 202016]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/01/2011 16:40 136176]

S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [15/04/2008 14:00 14336]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/01/2011 16:40 136176]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [26/02/2012 0:17 25888]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 16:02 287232]

S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [15/04/2008 14:00 14336]

.

NETSVCS NEEDS REPAIR - current values shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

winproxy

dsunidrv

Eplpdx02

RR2Mjpeg

MS1000

dot4ufd

ntuneservice

HSFHWALI

omsad

rt2870

s3savagenb

pdlncbas

p1110vid

askernel

ser2pl

surveyor

NwSapAgent

ZSMC301b

GV600_4

ZSMC303

AsIO

cbidf

pctavsvc

symmpi

sifilter

SQLAgent$LG_LP2

vrmonsvc

orbmediaservice

PDExchange

ftsata2

iviregmgr

CT20XUT.DLL

sagefserver

msloop

cwafeventrouter

gv3

atkdisplf

WNIPROT5

epfw

roxupnpserver

SeaPort

stirusb

ezplay

belgium_id_card_service

zd1211u(zydas)

oracledbconsoleorcl

stacsv

WUSB54Gv4SVC

DSXUSB

rtl8139

FileDisk

entertainment

tones

ispwdsvc

oracleorahomepagingserver

RDID1027

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

napagent

hkmsvc

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:39]

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:39]

.

2012-06-14 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]

.

2011-05-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-12-03 13:31]

.

2011-05-23 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-12-03 13:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.1.1

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Jonas\Application Data\Mozilla\Firefox\Profiles\rf2gctus.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-14 08:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-606747145-492894223-1417001333-1004\Software\SecuROM\License information*]

"datasecu"=hex:88,2b,83,a5,ca,bc,3f,27,59,bc,9a,e3,12,db,63,e6,d0,79,55,f1,b5,

76,8b,37,6a,7b,f7,2a,08,c5,26,ae,80,5c,04,91,f1,49,99,59,ed,b3,27,17,2b,03,\

"rkeysecu"=hex:40,a0,1a,ce,7b,8c,bc,ef,40,02,47,c8,89,e7,9a,09

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3296)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Completion time: 2012-06-14 08:55:17 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-14 06:55

ComboFix2.txt 2012-06-13 21:20

ComboFix3.txt 2011-04-21 16:38

.

Pre-Run: 147.156.488.192 bytes free

Post-Run: 147.149.008.896 bytes beschikbaar

.

- - End Of File - - 63F9086F8825E5E477BFE178C0AB50FE


Posted:

I now see that I made a typo, and because of that not everything was removed.

Open a new Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\documents and settings\All Users\Application Data\Babylon

Save this file on your desktop as CFScript and let it overwrite the existing file.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.

Posted:

No problem, new log:

I do notice that Babylon is still set as the default "search" in Firefox and IE8.

ComboFix 12-06-13.05 - Jonas 14/06/2012 20:12:24.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2046.1649 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Jonas\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Jonas\Bureaublad\CFScript.txt.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Babylon

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))

.

.

2012-06-14 06:56 . 2012-05-08 07:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CAFFA848-4469-4504-B7F6-DC161FEC4ED5}\mpengine.dll

2012-06-14 06:40 . 2012-06-14 06:41 -------- d--h--r- c:\documents and settings\Jonas\Onlangs geopend

2012-06-13 22:22 . 2012-06-13 22:23 -------- dc-h--w- c:\windows\ie8

2012-06-12 06:16 . 2012-05-08 07:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-09 12:36 . 2012-06-09 12:36 -------- d-----w- c:\program files\Speccy

2012-06-06 19:14 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-06-06 19:08 . 2012-06-06 19:08 -------- d-----w- c:\documents and settings\Jonas\Local Settings\Application Data\PCHealth

2012-06-06 19:08 . 2012-06-06 19:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth

2012-06-06 19:08 . 2012-06-06 19:08 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-27 16:03 . 2012-05-27 16:03 237 ----a-w- C:\user.js

2012-05-15 19:02 . 2012-05-15 19:03 -------- d-----w- c:\documents and settings\Jonas\Application Data\Ad-Aware Antivirus

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-03 19:43 . 2012-05-03 19:43 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-05-03 19:43 . 2012-05-03 19:43 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-03 19:43 . 2012-05-03 19:43 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-11 13:55 . 2008-04-14 22:11 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2008-04-15 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2008-04-15 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-04-04 13:56 . 2011-04-20 10:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot_2012-06-14_06.53.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-14 18:11 . 2012-06-14 18:11 16384 c:\windows\Temp\Perflib_Perfdata_284.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-4-17 2326528]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mnyfunua.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Jonas^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]

path=c:\documents and settings\Jonas\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-07-16 15:57 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 14:13 38144]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 11:18 202016]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 16:02 287232]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/01/2011 16:40 136176]

S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [15/04/2008 14:00 14336]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/01/2011 16:40 136176]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [26/02/2012 0:17 25888]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [15/04/2008 14:00 14336]

.

NETSVCS VEREIST REPARATIES - huidige waarden worden getoond

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

winproxy

dsunidrv

Eplpdx02

RR2Mjpeg

MS1000

dot4ufd

ntuneservice

HSFHWALI

omsad

rt2870

s3savagenb

pdlncbas

p1110vid

askernel

ser2pl

surveyor

NwSapAgent

ZSMC301b

GV600_4

ZSMC303

AsIO

cbidf

pctavsvc

symmpi

sifilter

SQLAgent$LG_LP2

vrmonsvc

orbmediaservice

PDExchange

ftsata2

iviregmgr

CT20XUT.DLL

sagefserver

msloop

cwafeventrouter

gv3

atkdisplf

WNIPROT5

epfw

roxupnpserver

SeaPort

stirusb

ezplay

belgium_id_card_service

zd1211u(zydas)

oracledbconsoleorcl

stacsv

WUSB54Gv4SVC

DSXUSB

rtl8139

FileDisk

entertainment

tones

ispwdsvc

oracleorahomepagingserver

RDID1027

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

napagent

hkmsvc

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:39]

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:39]

.

2012-06-14 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]

.

2011-05-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-12-03 13:31]

.

2011-05-23 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-12-03 13:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.1.1

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Jonas\Application Data\Mozilla\Firefox\Profiles\rf2gctus.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-14 20:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-606747145-492894223-1417001333-1004\Software\SecuROM\License information*]

"datasecu"=hex:88,2b,83,a5,ca,bc,3f,27,59,bc,9a,e3,12,db,63,e6,d0,79,55,f1,b5,

76,8b,37,6a,7b,f7,2a,08,c5,26,ae,80,5c,04,91,f1,49,99,59,ed,b3,27,17,2b,03,\

"rkeysecu"=hex:40,a0,1a,ce,7b,8c,bc,ef,40,02,47,c8,89,e7,9a,09

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(836)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2012-06-14 20:18:11

ComboFix-quarantined-files.txt 2012-06-14 18:18

ComboFix2.txt 2012-06-14 06:55

ComboFix3.txt 2012-06-13 21:20

ComboFix4.txt 2011-04-21 16:38

.

Pre-Run: 147.131.400.192 bytes beschikbaar

Post-Run: 147.130.744.832 bytes beschikbaar

.

- - End Of File - - 4885BE003325CEE7F4F9BCD3B6E77108

Posted:

This looks good.

Remove Combofix: Start -> Run and type: ComboFix /Uninstall (with a space before the /)

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Go to Start - All Programs - Accessories.

Right-click the Command Prompt icon and choose Run as administrator to open the command prompt.

Type sfc /scannow and press Enter. (note the space before the /)

All Windows system files will now be checked for errors and, if needed, replaced with a correct version.

Keep the Windows installation CD/DVD at hand (if you have one), because you may be asked for it.

After the scan you will get an overview of the results and a reference to a CBS log file.

Now type findstr /c:"[sR]" %windir%\Logs\CBS\CBS.log > "%userprofile%\Desktop\sfcdetails.txt" and press Enter.

Note the space before the / and before %windir%, and before and after the >.

You should now see the file sfcdetails.txt on your desktop.

Attach this file to your next reply.

You can read how to attach a file to a reply in this guide.

Posted:

Now a few small problems come up:

I can't run as admin, but I'm the only user, so I assume that's fine.

When I type sfc /scannow it starts searching, but when it's done I don't get a report.

The findstr line isn't recognized or executed; I've tried it several times.

Posted:

There isn't even a Logs folder.

Since I did this I can no longer get on the internet on the PC; I don't know whether that has anything to do with it. And on my desktop all my icons keep getting moved all the way to the left. Should I start to panic?

Posted:

Download TDSSKiller and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run that first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Posted:

I already run TDSS regularly anyway; it never finds anything. I can't post a log, since I can no longer get on the internet on that PC, and I'm not going to mess around with a USB stick when it found nothing.

Posted:

Do you connect to the internet wired or wirelessly?

Check in Device Manager that the network adapters are working correctly and are enabled.

If necessary, remove the existing networks in the Network Center and create a new connection from scratch.

Guest
This topic is now closed to new replies.
