Posted:

When Windows XP started up, a small Cmd.exe window appeared (with this content),

c:\windows\system32>start/b regsvr32.exe/s/n/i:'''' ''c:\document and settings c:\windows\system32>

what does this mean, and is it serious?

And at that very moment, as the PC was starting up, avast reported that something had been placed in the Virus Chest.

I would like to know what is going on.

Cdj.

Posted:

@ Cdj,

To rule out a virus / malware, carry out the steps below:

Download RSIT from the locations below and save it to the desktop.

You can check here how to tell whether you are running a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.


  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool is finished, two Notepad files named "Log.txt" and "Info.txt" are opened.

Posting the RSIT log files


  • Add the log file named "Log.txt" as an attachment to your next post. (You can also find this log file in the folder "C:\rsit".)
  • The log file named "Info.txt", which is minimized, does not need to be posted. (This log file is only created the first time the tool is run.)
  • You can read here how to add an attachment to a post.

You can view the manual for using RSIT HERE, and we also have an instruction video.

Posted:

Hi iEscape,

I have made a log. (I don't see the RSIT program on the desktop or under Start, is that right?)

Here is the log.

Logfile of random's system information tool 1.10 (written by random/random)

Run by cor at 2014-08-23 10:37:57

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 216 GB (92%) free of 233 GB

Total RAM: 958 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:38:06, on 23-8-2014

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\APPS\Powercinema\PCMService.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\WINDOWS\vsnpstd2.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\cor\Mijn documenten\Downloads\RSIT.exe

C:\Program Files\trend micro\cor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/webhp?hl=nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1388247824546

O20 - AppInit_DLLs: c:\documents and settings\all users\application data\winspeed\winspeed.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--

End of file - 7405 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

C:\WINDOWS\tasks\At1.job - C:\DOCUME~1\cor\APPLIC~1\PRICEM~1\UPDATE~1\UPDATE~1.EXE /Check

C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

C:\WINDOWS\tasks\DriverDoc_UPDATES.job - C:\Program Files\DriverDoc\Solvusoftdd.exe -updatecheck

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job - C:\WINDOWS\system32\xp_eos.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-10 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-16 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-10 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-09-16 7630848]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-09-16 86016]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-24 16050688]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]

"PCMService"=c:\APPS\Powercinema\PCMService.exe [2006-02-23 147456]

"DetectorApp"=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [2005-10-20 102400]

"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

"Vade Retro Outlook Express"=C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe [2004-10-04 310272]

"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-08-30 286720]

"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-01 4085896]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\documents and settings\all users\application data\winspeed\winspeed.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\APPS\Powercinema\PowerCinema.exe"="C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"

"C:\APPS\Powercinema\PCMService.exe"="C:\APPS\Powercinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"

"C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"

"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"VIDC.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"VIDC.IYUV"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVU9"=tsbyuv.dll

"VIDC.YVYU"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.l3codecp"=

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-08-23 10:37:57 ----D---- C:\rsit

2014-08-23 10:37:57 ----D---- C:\Program Files\trend micro

2014-08-22 09:23:51 ----D---- C:\Documents and Settings\All Users\Application Data\WinSpeed

2014-08-12 10:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$

2014-08-12 10:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2014-08-11 10:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$

2014-08-11 10:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$

2014-08-11 10:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2014-08-11 10:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2014-08-11 10:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2014-08-11 10:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2014-08-11 10:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$

2014-08-11 10:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$

2014-08-11 10:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2014-08-11 10:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$

2014-08-11 10:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$

2014-08-11 10:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$

2014-08-11 10:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$

2014-08-11 10:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$

2014-08-11 10:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$

2014-08-11 10:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2834886$

2014-08-11 10:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2491683$

2014-08-11 10:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$

2014-08-11 10:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$

2014-08-11 10:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$

2014-08-11 10:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$

2014-08-11 10:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$

2014-08-11 10:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$

2014-08-11 10:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$

2014-08-11 10:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$

2014-08-11 10:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2014-08-11 10:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$

2014-08-11 10:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$

2014-08-11 10:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2014-08-11 10:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2014-08-11 10:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2014-08-11 10:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$

2014-08-11 10:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$

2014-08-11 10:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2802968$

2014-08-11 10:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

2014-08-11 10:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$

2014-08-11 10:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2014-08-11 10:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$

2014-08-11 10:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$

2014-08-11 10:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2014-08-11 10:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$

2014-08-11 10:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$

2014-08-11 09:59:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2929961$

2014-08-11 09:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$

2014-08-11 09:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$

2014-08-11 09:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$

2014-08-11 09:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2014-08-11 09:59:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2014-08-11 09:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2014-08-11 09:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$

2014-08-11 09:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2780091$

2014-08-11 09:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2014-08-11 09:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2014-08-11 09:58:36 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2014-08-11 09:58:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2014-08-11 09:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$

2014-08-11 09:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$

2014-08-11 09:58:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$

2014-08-11 09:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2014-08-11 09:57:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$

2014-08-11 09:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$

2014-08-11 09:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2930275$

2014-08-11 09:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$

2014-08-11 09:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2014-08-11 09:57:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2014-08-11 09:57:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$

2014-08-11 09:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2014-08-11 09:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2014-08-11 09:56:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$

2014-08-11 09:56:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$

2014-08-11 09:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2014-08-11 09:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2014-08-11 09:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$

2014-08-11 09:56:04 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2014-08-11 09:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$

2014-08-11 09:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2014-08-11 09:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$

2014-08-11 09:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2014-08-11 09:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$

2014-08-11 09:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$

2014-08-11 09:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$

2014-08-11 09:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$

2014-08-11 09:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2014-08-11 09:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$

2014-08-11 09:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$

2014-08-11 09:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$

2014-08-11 09:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$

2014-08-11 09:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2014-08-11 09:54:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$

2014-08-11 09:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$

2014-08-11 09:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$

2014-08-11 09:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$

2014-08-11 09:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$

2014-08-11 09:51:56 ----D---- C:\WINDOWS\system32\MRT

2014-08-11 09:51:47 ----A---- C:\WINDOWS\system32\MRT.exe

2014-08-11 09:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$

2014-08-11 09:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2014-08-11 09:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$

2014-08-11 09:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$

2014-08-11 09:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$

2014-08-11 09:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2014-08-11 09:50:47 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2014-08-11 09:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$

2014-08-11 09:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$

2014-08-11 09:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$

2014-08-11 09:50:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$

2014-08-11 09:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

2014-08-11 09:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2014-08-11 09:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$

2014-08-11 09:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$

2014-08-11 09:49:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2014-08-11 09:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$

2014-08-11 09:49:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$

2014-08-11 09:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$

2014-08-11 09:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2014-08-11 09:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2014-08-11 09:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$

2014-08-11 09:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$

2014-08-11 09:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$

2014-08-11 09:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$

2014-08-11 09:48:07 ----D---- C:\WINDOWS\ie8updates

2014-08-11 09:48:03 ----D---- C:\Program Files\MSXML 4.0

2014-08-11 09:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$

2014-08-11 09:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$

2014-08-11 09:47:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$

2014-08-11 09:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2014-08-11 09:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$

2014-08-11 09:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$

2014-08-11 09:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$

2014-08-11 09:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$

2014-08-11 09:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$

2014-08-11 09:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2014-08-11 09:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2014-08-11 09:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$

2014-08-11 09:25:39 ----N---- C:\WINDOWS\system32\browserchoice.exe

2014-08-11 09:20:02 ----N---- C:\WINDOWS\system32\xp_eos.exe

2014-08-11 09:17:55 ----N---- C:\WINDOWS\system32\iacenc.dll

2014-08-10 10:42:38 ----A---- C:\WINDOWS\system32\javaws.exe

2014-08-10 10:42:31 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-08-10 10:42:31 ----A---- C:\WINDOWS\system32\javaw.exe

2014-08-10 10:42:31 ----A---- C:\WINDOWS\system32\java.exe

2014-08-05 14:44:04 ----D---- C:\Program Files\Common Files\Skype

2014-08-05 14:44:01 ----RD---- C:\Program Files\Skype

2014-08-01 14:08:47 ----D---- C:\Documents and Settings\All Users\Application Data\2308189059

2014-08-01 14:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 month======

2014-08-23 10:37:57 ----D---- C:\Program Files

2014-08-23 10:37:14 ----D---- C:\WINDOWS\Prefetch

2014-08-23 09:52:58 ----D---- C:\WINDOWS\Temp

2014-08-22 15:41:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2014-08-22 15:10:14 ----SHD---- C:\WINDOWS\Installer

2014-08-22 15:10:13 ----D---- C:\Config.Msi

2014-08-22 15:09:47 ----D---- C:\WINDOWS\system32

2014-08-21 10:21:46 ----D---- C:\WINDOWS\system32\FxsTmp

2014-08-21 07:53:40 ----A---- C:\WINDOWS\WORDPAD.INI

2014-08-18 09:24:25 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2014-08-16 12:21:33 ----D---- C:\WINDOWS

2014-08-16 12:17:54 ----D---- C:\WINDOWS\Debug

2014-08-14 11:44:58 ----A---- C:\WINDOWS\win.ini

2014-08-12 12:54:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2014-08-12 10:54:42 ----D---- C:\WINDOWS\system32\CatRoot2

2014-08-12 10:33:11 ----HD---- C:\WINDOWS\inf

2014-08-12 10:33:10 ----RSHDC---- C:\WINDOWS\system32\dllcache

2014-08-12 10:33:02 ----D---- C:\WINDOWS\system32\drivers

2014-08-12 10:31:00 ----HD---- C:\WINDOWS\$hf_mig$

2014-08-11 10:09:09 ----SD---- C:\WINDOWS\Tasks

2014-08-11 10:08:57 ----D---- C:\WINDOWS\system32\wbem

2014-08-11 10:08:57 ----D---- C:\WINDOWS\AppPatch

2014-08-11 10:05:33 ----D---- C:\Program Files\Messenger

2014-08-11 10:04:50 ----D---- C:\WINDOWS\WinSxS

2014-08-11 09:50:14 ----D---- C:\Program Files\Outlook Express

2014-08-11 09:49:42 ----D---- C:\Program Files\Movie Maker

2014-08-11 09:48:32 ----D---- C:\Program Files\Internet Explorer

2014-08-10 10:42:43 ----D---- C:\Program Files\Common Files\Java

2014-08-05 14:49:14 ----D---- C:\Documents and Settings\cor\Application Data\Skype

2014-08-05 14:44:11 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

2014-08-05 14:44:04 ----D---- C:\Program Files\Common Files

2014-08-01 14:05:20 ----D---- C:\Program Files\MP3 Rocket

2014-08-01 14:02:03 ----D---- C:\Documents and Settings\cor\Application Data\MP3Rocket

2014-08-01 09:49:57 ----D---- C:\Program Files\VideoLAN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-07-16 49944]

R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-07-16 192352]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]

R1 AmdK8;Stuurprogramma voor AMD-processor; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-07-16 55112]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-07-16 779536]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-07-16 414520]

R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-07-16 57800]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-10-14 8552]

R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-07-16 24184]

R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-07-16 67824]

R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-24 4374016]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-09-16 3963168]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]

R3 snpstd2;Trust WB-3400T Webcam; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 347264]

R3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]

R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]

R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-09-25 250368]

S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

S3 xjltnpjc;xjltnpjc; C:\WINDOWS\system32\drivers\xjltnpjc.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-16 50344]

R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2006-02-23 266338]

R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2006-02-23 114784]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-08-10 182696]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-09-16 155715]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-28 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18 262320]

S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-28 116648]

-----------------EOF-----------------

Posted:

Hello Cdj,

You have some malware on your system.

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).


  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
c:\documents and settings\all users\application data\winspeed;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
"Alcmtr"=-;r
C:\WINDOWS\ALCMTR.EXE;f
C:\WINDOWS\tasks\At1.job;f
C:\DOCUME~1\cor\APPLIC~1\PRICEM~1;fs
xjltnpjc;s
C:\WINDOWS\system32\drivers\xjltnpjc.sys;f
emptyfolderscheck;delete 
emptyclsid; 
autoclean;
startupall; 
filesrcm;


  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next post.

Posting the Zoek.exe log file

  • Add the log file named "Zoek-results.log" as an attachment to your next post. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a post.

Posted:

Hi Jion,

Here is the log,

Zoek.exe v5.0.0.0 Updated 23-08-2014

Tool run by cor on zo 24-08-2014 at 8:50:06,64.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\cor\Mijn documenten\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

24-8-2014 8:52:28 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully

C:\Program Files\VideoLAN deleted successfully

C:\DOCUME~1\ALLUSE~1\APPLIC~1\2308189059 deleted successfully

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinSpeed deleted successfully

C:\Documents and Settings\cor\Application Data\AdobeUM deleted successfully

C:\Documents and Settings\cor\Application Data\SampleView deleted successfully

C:\Documents and Settings\cor\Application Data\VadeRetro deleted successfully

C:\Documents and Settings\Default User\Application Data\SampleView deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-555936597-2268059500-687246765-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D503352-5637-4300-76A7-7A786E7484D7} deleted successfully

HKEY_USERS\S-1-5-21-555936597-2268059500-687246765-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D503352-5637-4300-76A7-7A786E7484D7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-555936597-2268059500-687246765-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4D503352-5637-4300-76A7-7A786E7484D7} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xjltnpjc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xjltnpjc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xjltnpjc deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Alcmtr"=-

==== Deleting Files \ Folders ======================

c:\documents and settings\all users\application data\winspeed not found

C:\DOCUME~1\cor\APPLIC~1\PRICEM~1 not found

"C:\WINDOWS\system32\drivers\xjltnpjc.sys" not found

C:\Program Files\ComPlus Applications deleted

C:\Program Files\MyPC Backup deleted

C:\Program Files\SupTab deleted

C:\DOCUME~1\ALLUSE~1\APPLIC~1\APN deleted

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WPM deleted

C:\DOCUME~1\ALLUSE~1\APPLIC~1\PriceMeterLiveUpdate deleted

C:\WINDOWS\WININIT.INI deleted

C:\WINDOWS\tasks\At1.job deleted

"C:\WINDOWS\Alcmtr.exe" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\cor\LOCALS~1\Temp ====

====== Java Cache =====

====== C:\WINDOWS\system32 =====

2014-08-11 07:51:47 613817D8A16C0881E2C8B3BC1AE65F61 96303304 ----a-w- C:\WINDOWS\System32\MRT.exe

2014-08-11 07:25:39 DA1919D896DBD5895E138932AE9E398B 293376 ------w- C:\WINDOWS\System32\browserchoice.exe

2014-08-11 07:20:02 DDC2FD95F1B3A55CDDD0D91F0D7B3122 13312 ------w- C:\WINDOWS\System32\xp_eos.exe

2014-08-11 07:17:55 B6202B330A2D2948A1BDD11A04F9D591 3072 ------w- C:\WINDOWS\System32\iacenc.dll

2014-08-10 08:42:38 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\WINDOWS\System32\javaws.exe

2014-08-10 08:42:31 49E203776C2ACB289385168A9058EE9E 96680 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll

2014-08-10 08:42:31 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\WINDOWS\System32\javaw.exe

2014-08-10 08:42:31 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\WINDOWS\System32\java.exe

====== C:\WINDOWS\system32\drivers =====

====== C:\WINDOWS\Tasks ======

2014-08-11 08:09:09 783AC35DD870DCB1D4938BAFF4EA4B78 212 ----a-w- C:\WINDOWS\Tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-08-23 08:37:57 -------- d-----w- C:\Program Files\trend micro

2014-08-11 07:58:36 -------- d-----w- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2014-08-05 12:44:04 -------- d-----w- C:\Program Files\Common Files\Skype

2014-08-05 12:44:01 -------- d-----r- C:\Program Files\Skype

======= C: =====

====== C:\Documents and Settings\cor\Application Data ======

2014-08-05 12:44:16 -------- d-----w- C:\Documents and Settings\cor\Local Settings\Application Data\Skype

====== C:\Documents and Settings\cor ======

2014-08-16 10:19:08 -------- d--h--r- C:\Documents and Settings\cor\Onlangs geopend

====== C: exe-files ==

2014-08-23 08:37:58 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\cor.exe

2014-08-23 08:36:53 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\cor\Mijn documenten\Downloads\RSIT.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-555936597-2268059500-687246765-1006\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"

"RTHDCPL"="RTHDCPL.EXE"

"PCMService"="c:\APPS\Powercinema\PCMService.exe"

"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe"

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start"

"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"

"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe"

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18-08-2014 09:24]

C:\WINDOWS\tasks\avast\Undetermined Task.exe []

C:\WINDOWS\tasks\DriverDoc_UPDATES.job --a------ C:\Program Files\DriverDoc\Solvusoftdd.exe []

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28-12-2013 18:48]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28-12-2013 18:48]

C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job --a------ C:\WINDOWS\system32\xp_eos.exe [27-02-2014 01:28]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [16-07-2014 11:44]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[16-07-2014 11:44]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.nl/webhp?hl=nl"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.nl/webhp?hl=nl"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{1584C0F3-F33D-4FE7-B295-48DA62D8D247}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"

{1584C0F3-F33D-4FE7-B295-48DA62D8D247} Google Url="http://www.google.com/search?q={searchTerms}"

{1584C0F3-F33D-4FE7-B295-48DA62D8D247} Google Url="http://www.google.com/search?q={searchTerms}"

{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Google Url="http://www.google.com/search?q={searchTerms}"

{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Google Url="http://www.google.com/search?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-555936597-2268059500-687246765-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\cor\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\cor\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=54 folders=36 1004856 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\cor\Local Settings\Temp will be emptied at reboot

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp will be emptied at reboot

C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\cor\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\cor\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temp\History" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files" not deleted

==== EOF on zo 24-08-2014 at 9:11:50,78 ======================

Posted:

1.

Download AdwCleaner by Xplode to the desktop.


  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Click Scan.
  • Then click Clean.
  • At Restart Required, click OK.

After the PC has restarted, a log file usually opens.

Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file


  • Add the log file named C:\AdwCleaner\AdwCleaner[s0].txt as an attachment to your next post.
  • You can read here how to add an attachment to a post.

2.

Download MalwareBytes Anti-Malware, preferably to the desktop.


  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the further instructions; you can read the full installation procedure at the following link - Installing Malwarebytes Anti-Malware.


  • Then click the Scan Now button to run a threat scan.
  • The tool will now check for available updates; click "Update Now" if updates are available.
  • The scan now starts automatically; when the scan is finished and threats have been detected, you will get an overview of them.
  • If no threats were detected, click View Detailed Log after the scan.

    • Then click the Apply Actions button; at the message that your computer must be restarted, click No.
    • Then click the View Detailed Log button, click the Export button and choose the Text file (*.txt) option.
    • Then enter a file name for saving the log file, for example MBAM Scanlog, and click the Save button.
    • By default this file is saved to your desktop.

Posting the MalwareBytes' Anti-Malware log file


  • Add the log file you have just saved as an attachment to your next post. (You can also find this log file in Malwarebytes Anti-Malware under History > Application Logs.)
  • Post the contents of this log file in your next post.

Posted:

Here are the second logs,

# AdwCleaner v3.308 - Rapport aangemaakt 24/08/2014 op 10:43:59

# Laatste Update 20/08/2014 door Xplode

# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)

# Gebruikersnaam : cor - CDJ

# Gestart vanuit : C:\Documents and Settings\cor\Mijn documenten\Downloads\adwcleaner_3.308.exe

# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

***** [ Taken ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

Sleutel Verwijderd : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{41f15de4}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Sleutel Verwijderd : HKCU\Software\InstallCore

Sleutel Verwijderd : HKCU\Software\Optimizer Pro

Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Sleutel Verwijderd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Sleutel Verwijderd : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Sleutel Verwijderd : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Sleutel Verwijderd : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v36.0.1985.143

[ Bestand : C:\Documents and Settings\cor\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Verwijderd [search Provider] : hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=743efa140000000000000019215fd31c

*************************

AdwCleaner[R0].txt - [2346 octets] - [24/08/2014 10:38:54]

AdwCleaner[s0].txt - [2216 octets] - [24/08/2014 10:43:59]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2276 octets] ##########

__________________________________________________________________________________________________

Malwarebytes Anti-Malware

Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 24-8-2014

Scan Time: 11:07:43

Logfile: mbam log 24-8-2014.txt

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.08.24.02

Rootkit Database: v2014.08.21.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: cor

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 261685

Time Elapsed: 10 min, 1 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Posted:

Hello Jion,

Fortunately the PC kept working fine with that malware.

I finally managed to find the Avast Virus Chest again; it does indeed contain that malware from Friday 22 August,

but also a Trj at the same moment as the malware. Is that Trj now off the PC as well?

There are 8 items in the chest in total; should I delete them or leave them there?

Posted:

Whatever is in the Avast Virus Chest can safely stay there. It can no longer do any harm.

We removed the other malware with the previous steps.

To finish up, you can still carry out the following:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:


  • Remove disinfection tools
  • Purge System Restore

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.
