computer ontzettend traag/iexplore.exe/msmpeng.exe

[Evelienjansen]

Hallo, sinds een week is mijn computer ontzettend traag. Ik heb in veilige modus F8 gedaan, alle antivirusprogr verwijderd, microsoft security essentials laten scannen (dat duurde ruim 4,5 uur!), overbodige programma's verwijderd uit software. Ik zie bij processen steeds iexplore.exe en msmpeng.exe. Ik weet dat dat niet goed is, maar ik weet niet wat ik moet doen. Ben zo langzamerhand wanhopig, want het probleem van traag lijkt steeds erger en erger te worden! Wie o wie kan mij helpen?

Groetjes, Evelien

[Icepick_80]

Hey Evelien,

Aantal mogelijke actiepuntjes:

- Windows Updates

- Internet Explorer deïnstalleren (te vinden bij Windows onderdelen) en herinstalleren

- chkdsk /f in command prompt (Start > Uitvoeren (Run) > cmd > chkdsk /f of chkdsk /f /r (duurt wel langer); wordt uitgevoerd bij volgende start computer)

- Andere browser!!! Firefox, Google Chrome,... Alles is beter dan Internet Explorer

Het msmpeng.exe proces is niks bedreigend, komt van Windows Defender. Check ook even of je geen 2 anti-virusprogramma's tegelijkertijd hebt lopen, dan loopt het helemaal in de soep...

Opstartitems checken bij Start > Uitvoeren (Run) > msconfig > tab "Opstarten" (Startup) kan ook helpen.

Laat even weten of dit je al verder helpt, anders kijken we verder !

Greetz,

Icepick

[kape]

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[Evelienjansen]

Hallo, dit is de log. Mijn toetsenbord reageert ook bijna niet. Ik moet toetsen heel hard indrukken. Bedankt!

ComboFix 12-07-10.01 - nellie 10-07-2012 22:02:19.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.634 [GMT 2:00]

Gestart vanuit: c:\documents and settings\nellie\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\nellie\Application Data\PriceGong

c:\documents and settings\nellie\Application Data\PriceGong\Data\1.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\2258.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\a.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\b.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\c.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\d.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\e.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\f.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\g.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\h.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\i.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\j.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\k.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\l.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\m.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\nellie\Application Data\PriceGong\Data\n.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\o.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\p.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\q.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\r.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\s.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\t.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\u.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\v.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\w.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\x.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\y.txt

c:\documents and settings\nellie\Application Data\PriceGong\Data\z.txt

c:\documents and settings\nellie\WINDOWS

c:\windows\help\wmplayer.bak

c:\windows\IsUn0413.exe

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\DC120fc7_32.dll

c:\windows\system32\winsusrm.dll

c:\windows\system32\winsusrx.dll

c:\windows\unin0413.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))

.

.

2012-07-10 09:11 . 2012-07-10 09:11 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D632A040-F50D-4012-9F59-4329266CB088}\offreg.dll

2012-07-10 08:57 . 2012-05-30 18:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D632A040-F50D-4012-9F59-4329266CB088}\mpengine.dll

2012-07-10 08:54 . 2012-07-10 08:54 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-08 14:51 . 2012-07-10 07:41 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-07-08 08:21 . 2012-07-08 08:21 -------- d-----w- c:\windows\system32\wbem\Repository

2012-07-08 08:21 . 2012-07-08 08:21 -------- d-----w- c:\program files\TomTom International B.V

2012-07-08 08:21 . 2012-07-10 07:31 -------- d-----w- c:\documents and settings\nellie\Application Data\uTorrent

2012-07-08 08:21 . 2012-07-08 08:21 -------- d-----w- c:\program files\uTorrent

2012-06-13 13:19 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-02 13:19 . 2007-06-27 06:59 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2004-08-13 07:52 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2004-08-13 07:52 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2004-08-13 07:52 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2005-05-26 02:16 45080 -c--a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2004-08-13 07:52 35864 -c--a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2003-01-29 13:01 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2003-01-29 12:44 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-06-27 06:59 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2007-06-27 06:59 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2004-08-13 07:52 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2007-06-27 06:59 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2003-01-29 13:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2009-06-22 07:09 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2006-04-21 08:51 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2005-05-26 02:19 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2004-04-20 10:04 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2004-02-06 16:09 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:55 . 2003-01-29 12:46 1863296 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:44 . 2003-01-29 12:45 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2003-01-29 12:45 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 06:45 . 2002-09-09 11:17 2073472 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-05 03:15 . 2003-01-29 12:45 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-02 13:47 . 2003-01-29 13:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 17:02 57344 -csha-w- c:\windows\system32\msvcirt.dll

2008-04-14 17:02 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 17:02 343040 --sha-w- c:\windows\system32\msvcrt.dll

2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll

2008-04-14 17:03 12288 -csh--w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-27 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 335872]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-29 151597]

"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2011-06-01 1197192]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^officejet 6100.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\officejet 6100.lnk

backup=c:\windows\pss\officejet 6100.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]

2003-05-02 09:31 24576 -c--a-w- c:\apps\ABoard\ABOARD.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON BX300F Series]

2008-01-22 06:00 188928 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEJE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-06-07 15:51 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2009-03-17 12:24 157552 -c--a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-07-01 16:23 67584 -c--a-w- c:\windows\soundman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-10-27 09:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2003-08-29 21:28 151597 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2012-05-11 12:03 880496 -c--a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]

2002-06-07 10:34 299008 ----a-w- c:\program files\Virtual CD v4 SDK\System\vcsplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [29-8-2003 23:32 49232]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe [1-6-2011 12:45 215688]

R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [1-6-2011 12:45 1299080]

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [29-8-2003 23:32 139264]

R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [28-7-2009 21:20 30560]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20-4-2010 11:49 27632]

R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S1 MpKsl48dc9eb6;MpKsl48dc9eb6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D632A040-F50D-4012-9F59-4329266CB088}\MpKsl48dc9eb6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D632A040-F50D-4012-9F59-4329266CB088}\MpKsl48dc9eb6.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27-10-2010 11:41 136176]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20-4-2010 11:49 13224]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-10-2010 11:41 136176]

S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys --> c:\windows\system32\DRIVERS\mr97310v.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [29-1-2003 14:46 14336]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20-4-2010 10:57 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20-4-2010 10:57 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20-4-2010 10:57 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20-4-2010 10:57 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20-4-2010 10:57 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20-4-2010 10:57 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20-4-2010 10:57 109736]

S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [7-1-2007 10:39 40060]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - xcpip

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-06 c:\windows\Tasks\Afsluiten op koopavonden.job

- c:\windows\system32\shutdown.exe [2003-01-29 17:03]

.

2012-07-10 c:\windows\Tasks\Afsluiten op weekdagen.job

- c:\windows\system32\shutdown.exe [2003-01-29 17:03]

.

2012-06-23 c:\windows\Tasks\Afsluiten op zaterdag.job

- c:\windows\system32\shutdown.exe [2003-01-29 17:03]

.

2012-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-27 09:40]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-27 09:40]

.

2004-04-20 c:\windows\Tasks\Herinnering voor registratie 1.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

.

2004-04-26 c:\windows\Tasks\Herinnering voor registratie 2.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

.

2004-04-19 c:\windows\Tasks\Herinnering voor registratie 3.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

.

2012-07-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]

.

2012-02-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IcePick_exe.job

- c:\program files\Microsoft LifeCam\IcePick.exe [2009-03-17 12:24]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = https://www.google.nl/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSConfigStartUp-ccleaner - c:\program files\CCleaner\CCleaner.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

AddRemove-Shockwave - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-10 22:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(3968)

c:\program files\Fighters\SPAMfighter\LiveKit.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\windows\system32\msiexec.exe

c:\program files\Common Files\Real\Update_OB\rnathchk.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-10 22:18:36 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-10 20:18

.

Pre-Run: 49.840.619.520 bytes beschikbaar

Post-Run: 50.190.077.952 bytes beschikbaar

.

- - End Of File - - FE47287B1F743975E483F930F13E9277

[Evelienjansen]

Hoi Icepick,

Sorry, maar ik weet nog niet zo heel veel. Explorer deinstalleren (bij windows onderdelen) dat zegt me niks. Kun je de stappen even opschrijven voor me? Dank je! Groetjes, Evelien

[Evelienjansen]

Hoi Icepick, Start-uitvoeren-msconfig-opstarten, maar dan weet ik niet wat ik uit moet zetten, dus welke vinkjes ik weg moet halen. Verder heb ik al je stappen uitgevoerd. Gr Eef

[kape]

Is de snelheid al verbeterd nà het gebruik van Combofix ? Zo niet, doe dan even het volgende :

Download HijackThis

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere PC en het bestand met een USB-stick overbrengen.

Klik op de snelkoppeling om HijackThis te starten

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

[Evelienjansen]

Hoi Kape, het lukt niet. Als ik dubbelklik moet ik eerst voorwaarden accepteren. Dan next. Dan vraagt hij waar ik het wil opslaan. Klik ik next krijg ik de volgende melding: In Windows installer is een fout opgetreden en moet worden afgesloten. U was bezig met een bewerking. Deze gegevens zijn mogelijk verloren gegaan. Ik heb t 4x geprobeerd, het lukt niet. Wat nu?

[Asus]

Lukt het met de .exe van HijackThis ?...je kan hem downloaden als je hier klikt.

[Evelienjansen]

Ja, het is gelukt, hier komt ie:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:12:58, on 11-7-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Fighters\SPAMfighter\sfagent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Fighters\SPAMfighter\sfus.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Documents and Settings\nellie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\nellie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\nellie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\nellie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\nellie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\nellie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\nellie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nellie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted IP range: http://192.168.1.1

O15 - ESC Trusted IP range: http://192.168.1.1

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InterBase Guardian (InterbaseGuardian) - Unknown owner - C:\Program Files\Borland\Interbase\Bin\ibguard.exe (file missing)

O23 - Service: InterBase Server (InterbaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\Bin\ibserver.exe (file missing)

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe

O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--

End of file - 7216 bytes