Trage computer
18 berichten
• Pagina 1 van 1
Trage computer
door arpido » do 13 jan 2011, 21:19
Hallo brekers,
Onderstaande logjes plaats ivm een vertraagde computer. Er zijn naar mijn mening erg veel actieve processen van toepassingen die volgens mij niet actief hoeven te zijn. Graag jullie mening en aanpassingen.
Alvast bedankt voor de reacties.
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org
Databaseversie: 5512
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13-1-2011 20:04:48
mbam-log-2011-01-13 (20-04-48).txt
Scantype: Snelle scan
Objecten gescand: 134287
Verstreken tijd: 7 minuut/minuten, 25 seconde(n)
Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 3
Registerdata geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2
Geheugenprocessen geïnfecteerd:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1408 -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Delete on reboot.
c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:46, on 13-1-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\360Amigo\360Amigo.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AmigoSvr - 360 Amigo - C:\Program Files\360Amigo\360Amigo.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ec206221a310) (gupdate1c9ec206221a310) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6792 bytes
Onderstaande logjes plaats ivm een vertraagde computer. Er zijn naar mijn mening erg veel actieve processen van toepassingen die volgens mij niet actief hoeven te zijn. Graag jullie mening en aanpassingen.
Alvast bedankt voor de reacties.
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org
Databaseversie: 5512
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13-1-2011 20:04:48
mbam-log-2011-01-13 (20-04-48).txt
Scantype: Snelle scan
Objecten gescand: 134287
Verstreken tijd: 7 minuut/minuten, 25 seconde(n)
Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 3
Registerdata geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2
Geheugenprocessen geïnfecteerd:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1408 -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Delete on reboot.
c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:46, on 13-1-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\360Amigo\360Amigo.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AmigoSvr - 360 Amigo - C:\Program Files\360Amigo\360Amigo.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ec206221a310) (gupdate1c9ec206221a310) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6792 bytes
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door Juisterr » vr 14 jan 2011, 14:48
Download ComboFix van één van deze locaties:
Link 1
Link 2
* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.
1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.
* (hier of hier staat een handleiding over hoe je deze kan uitschakelen:)
2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.
* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.
5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
Link 1
Link 2
* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.
1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.
* (hier of hier staat een handleiding over hoe je deze kan uitschakelen:)
2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.
* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.
5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
-
Juisterr - Beveiligings Analist
- Berichten: 1384
- Geregistreerd: ma 10 mei 2010, 19:28
- Woonplaats: Kotje aan de kust
Re: Trage computer
door arpido » za 15 jan 2011, 15:09
Combofix wil niets doen zolang AVG2009 nog geïnstalleerd is. Alleen uitschakelen is onvoldoende. Dus, ben AVG gaan verwijderen, tijdens dit proces per abuis op annuleren gedrukt.
Opnieuw gaan verwijderen en dat kan nu niet meer ivm het geen toegang krijgen tot een registersleutel. Nog nooit meegemaakt maar ik krijg het niet klaar. Ook niet in de veilige modus. Weet nu even niet meer hoe nu verder. Enige wat ik kan bedenken is een nieuwere versie installeren in de hoop dat de oude AVG automatisch wordt verwijderd.
Echter, op een andere PC afgelopen week getracht de nieuwste AVG te installeren. Getracht want Windows stak hier een stokje voor ivm 'ernstige bedreigingen voor de stabiliteit' van het systeem.
Wordt vervolgd.
Opnieuw gaan verwijderen en dat kan nu niet meer ivm het geen toegang krijgen tot een registersleutel. Nog nooit meegemaakt maar ik krijg het niet klaar. Ook niet in de veilige modus. Weet nu even niet meer hoe nu verder. Enige wat ik kan bedenken is een nieuwere versie installeren in de hoop dat de oude AVG automatisch wordt verwijderd.
Echter, op een andere PC afgelopen week getracht de nieuwste AVG te installeren. Getracht want Windows stak hier een stokje voor ivm 'ernstige bedreigingen voor de stabiliteit' van het systeem.
Wordt vervolgd.
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door arpido » za 15 jan 2011, 15:38
Dat opnieuw installeren was leuk bedacht maar zoals te verwachten gaat dat niet lukken.
Tijdens de installatie komt de melding 'algemene fout, code 0xC0070643, probeer de installatie handmatig ongedaan te maken'. Dat wil dus niet..
Iemand suggesties?
Tijdens de installatie komt de melding 'algemene fout, code 0xC0070643, probeer de installatie handmatig ongedaan te maken'. Dat wil dus niet..
Iemand suggesties?
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door arpido » zo 16 jan 2011, 12:41
Nee dat gaat niet omdat AVG niet geïnstalleerd mag zijn.
Nu is het vreemde dat alles normaal leek te functioneren. Wat ik precies gedaan heb is me nog niet duidelijk maar vanochtend zijn er 74 (!!) updates gedownload en geïnstalleerd voor XP (auto-update staat altijd aan...)
Ik ga nu nogmaals een poging wagen.
Nu is het vreemde dat alles normaal leek te functioneren. Wat ik precies gedaan heb is me nog niet duidelijk maar vanochtend zijn er 74 (!!) updates gedownload en geïnstalleerd voor XP (auto-update staat altijd aan...)
Ik ga nu nogmaals een poging wagen.
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door arpido » ma 17 jan 2011, 13:57
Vandaag weer een poging gedaan combofix te runnen. Hij blijft roepen dat AVG niet geïnstalleerd mag zijn en stopt ermee. Wederom geprobeerd AVG te verwijderen maar dit gaat niet ivm het geen toegang verkrijgen tot een registersleutel.
Iemand een oplossing?
Iemand een oplossing?
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door URBANUS » ma 17 jan 2011, 14:14
Gebruik deze eens om de restanten van AVG te verwijderen> http://mozeskriebel.com/download.php?view.1177
Waarom heb je geen nieuwe topic geopend zoals ik je al gevraagd had? Normaal mag ik hier niks plaatsen anders krijg ik terug onder mijn voeten
Waarom heb je geen nieuwe topic geopend zoals ik je al gevraagd had? Normaal mag ik hier niks plaatsen anders krijg ik terug onder mijn voeten
-
URBANUS - Stamgast
- Berichten: 2661
- Geregistreerd: wo 11 aug 2010, 10:10
- Woonplaats: dikkebus- heuvelland
Re: Trage computer
door arpido » ma 17 jan 2011, 15:35
Beste Urbanus, helaas had ik je berichtje nog niet gelezen in mijn mail, excuus. Ik zet deze berichtgeving on hold totdat het AVG-probleem is opgelost.
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door arpido » ma 24 jan 2011, 14:00
Met dank aan Urbanus...
Hier de combofix resultaten:
ComboFix 11-01-23.06 - Gebruiker 24-01-2011 12:19:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.735.459 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-24 to 2011-01-24 ))))))))))))))))))))))))))))))
.
2011-01-23 10:21 . 2011-01-23 13:54 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend
2011-01-23 07:55 . 2008-04-14 21:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-23 07:55 . 2008-04-14 21:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-23 07:54 . 2008-04-14 21:09 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-01-23 07:54 . 2008-04-14 21:09 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-01-16 10:56 . 2011-01-16 10:56 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-16 10:56 . 2011-01-16 10:56 -------- d-----w- c:\program files\MSBuild
2011-01-16 10:55 . 2011-01-16 10:55 -------- d-----w- c:\program files\Reference Assemblies
2011-01-16 10:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-16 10:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-16 10:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-16 10:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-16 10:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-16 10:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-16 10:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-16 10:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-16 10:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-16 10:52 . 2011-01-16 10:54 -------- d-----w- C:\490f851d5eb923a475a7
2011-01-16 08:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-16 08:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-16 08:14 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-16 08:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-16 08:12 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-16 08:12 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-16 08:11 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-16 08:10 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-16 08:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-16 07:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-15 13:10 . 2011-01-15 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-15 13:09 . 2011-01-15 13:10 4622344 ----a-w- C:\avg_free_stb_all_2011_1191_cnet.exe
2011-01-15 12:48 . 2011-01-15 12:49 -------- d-----w- c:\documents and settings\Administrator
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2011-01-13 14:47 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-13 14:47 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 14:45 . 2011-01-13 14:45 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 07:27 . 2010-12-31 07:27 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\YouTube Downloader
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Search Settings
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-12-30 20:36 . 2011-01-13 19:07 -------- d-----w- c:\program files\Application Updater
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\program files\Common Files\Spigot
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2008-10-17 21:05 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 00:03 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-04 00:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2004-08-04 00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:27 . 2004-08-03 23:55 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-09-07 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-04 00:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2004-08-03 23:56 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-10-09 10:37 . 2010-10-09 10:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Home Server.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Home Server.lnk
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2010-08-15 10:53 2964040 ----a-w- c:\program files\360Amigo\360Amigo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 20:33 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-09 10:37 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-08-15 10:35 6289216 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2008-12-08 11:33 1173384 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
2009-07-16 18:55 284024 ----atw- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuite.exe]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync2.exe]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 15:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2008-10-18 10:31 49152 ----a-w- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-18 08:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-21 08:13 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31-3-2009 11:04 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2-8-2009 13:34 130936]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-12-2008 20:30 642560]
R2 AmigoSvr;AmigoSvr;c:\program files\360Amigo\360Amigo.exe [15-8-2010 11:53 2964040]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 11:38 92008]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [12-7-2008 13:30 326688]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [19-10-2008 10:52 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [19-10-2008 10:52 6100]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [10-12-2008 20:40 223128]
S2 gupdate1c9ec206221a310;Google Update Service (gupdate1c9ec206221a310);c:\program files\Google\Update\GoogleUpdate.exe [13-6-2009 13:13 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9-10-2010 11:37 30192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18-10-2008 9:41 348752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2009-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-18 19:03]
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 12:13]
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 12:13]
2009-07-23 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-06-20 18:55]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ccfa9f67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS VERWIJDERD - - - -
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
MSConfigStartUp-Google Update - c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 12:32
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\webcheck.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Voltooingstijd: 2011-01-24 12:40:39 - machine werd herstart
ComboFix-quarantined-files.txt 2011-01-24 11:40
Pre-Run: 4.643.418.112 bytes beschikbaar
Post-Run: 4.488.081.408 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0C0639A2FD29F056CF5A11686059BBAC
Hier de combofix resultaten:
ComboFix 11-01-23.06 - Gebruiker 24-01-2011 12:19:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.735.459 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-24 to 2011-01-24 ))))))))))))))))))))))))))))))
.
2011-01-23 10:21 . 2011-01-23 13:54 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend
2011-01-23 07:55 . 2008-04-14 21:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-23 07:55 . 2008-04-14 21:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-23 07:54 . 2008-04-14 21:09 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-01-23 07:54 . 2008-04-14 21:09 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-01-16 10:56 . 2011-01-16 10:56 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-16 10:56 . 2011-01-16 10:56 -------- d-----w- c:\program files\MSBuild
2011-01-16 10:55 . 2011-01-16 10:55 -------- d-----w- c:\program files\Reference Assemblies
2011-01-16 10:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-16 10:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-16 10:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-16 10:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-16 10:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-16 10:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-16 10:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-16 10:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-16 10:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-16 10:52 . 2011-01-16 10:54 -------- d-----w- C:\490f851d5eb923a475a7
2011-01-16 08:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-16 08:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-16 08:14 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-16 08:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-16 08:12 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-16 08:12 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-16 08:11 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-16 08:10 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-16 08:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-16 07:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-15 13:10 . 2011-01-15 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-15 13:09 . 2011-01-15 13:10 4622344 ----a-w- C:\avg_free_stb_all_2011_1191_cnet.exe
2011-01-15 12:48 . 2011-01-15 12:49 -------- d-----w- c:\documents and settings\Administrator
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2011-01-13 14:47 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-13 14:47 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 14:45 . 2011-01-13 14:45 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 07:27 . 2010-12-31 07:27 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\YouTube Downloader
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Search Settings
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-12-30 20:36 . 2011-01-13 19:07 -------- d-----w- c:\program files\Application Updater
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\program files\Common Files\Spigot
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2008-10-17 21:05 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 00:03 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-04 00:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2004-08-04 00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:27 . 2004-08-03 23:55 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-09-07 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-04 00:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2004-08-03 23:56 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-10-09 10:37 . 2010-10-09 10:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Home Server.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Home Server.lnk
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2010-08-15 10:53 2964040 ----a-w- c:\program files\360Amigo\360Amigo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 20:33 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-09 10:37 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-08-15 10:35 6289216 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2008-12-08 11:33 1173384 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
2009-07-16 18:55 284024 ----atw- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuite.exe]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync2.exe]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 15:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2008-10-18 10:31 49152 ----a-w- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-18 08:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-21 08:13 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31-3-2009 11:04 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2-8-2009 13:34 130936]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-12-2008 20:30 642560]
R2 AmigoSvr;AmigoSvr;c:\program files\360Amigo\360Amigo.exe [15-8-2010 11:53 2964040]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 11:38 92008]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [12-7-2008 13:30 326688]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [19-10-2008 10:52 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [19-10-2008 10:52 6100]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [10-12-2008 20:40 223128]
S2 gupdate1c9ec206221a310;Google Update Service (gupdate1c9ec206221a310);c:\program files\Google\Update\GoogleUpdate.exe [13-6-2009 13:13 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9-10-2010 11:37 30192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18-10-2008 9:41 348752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2009-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-18 19:03]
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 12:13]
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 12:13]
2009-07-23 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-06-20 18:55]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ccfa9f67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS VERWIJDERD - - - -
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
MSConfigStartUp-Google Update - c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 12:32
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\webcheck.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Voltooingstijd: 2011-01-24 12:40:39 - machine werd herstart
ComboFix-quarantined-files.txt 2011-01-24 11:40
Pre-Run: 4.643.418.112 bytes beschikbaar
Post-Run: 4.488.081.408 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0C0639A2FD29F056CF5A11686059BBAC
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door Juisterr » ma 24 jan 2011, 14:08
Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:
Firefox::
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ccfa9f67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
Sla dit op op je Bureaublad als CFScript.txt.
Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :
Dit zal ComboFix doen herstarten.
Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.
Firefox::
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ccfa9f67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
Sla dit op op je Bureaublad als CFScript.txt.
Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :
Dit zal ComboFix doen herstarten.
Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.
-
Juisterr - Beveiligings Analist
- Berichten: 1384
- Geregistreerd: ma 10 mei 2010, 19:28
- Woonplaats: Kotje aan de kust
Re: Trage computer
door arpido » ma 24 jan 2011, 15:18
bij dezen
ComboFix 11-01-23.07 - Gebruiker 24-01-2011 14:03:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.735.500 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-24 to 2011-01-24 ))))))))))))))))))))))))))))))
.
2011-01-24 12:32 . 2011-01-24 12:32 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG10
2011-01-24 12:30 . 2011-01-24 12:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-24 12:10 . 2011-01-24 12:10 -------- d-----w- c:\windows\Internet Logs
2011-01-23 10:21 . 2011-01-24 12:49 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend
2011-01-23 07:55 . 2008-04-14 21:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-23 07:55 . 2008-04-14 21:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-23 07:54 . 2008-04-14 21:09 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-01-23 07:54 . 2008-04-14 21:09 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-01-16 10:56 . 2011-01-16 10:56 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-16 10:56 . 2011-01-16 10:56 -------- d-----w- c:\program files\MSBuild
2011-01-16 10:55 . 2011-01-16 10:55 -------- d-----w- c:\program files\Reference Assemblies
2011-01-16 10:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-16 10:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-16 10:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-16 10:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-16 10:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-16 10:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-16 10:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-16 10:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-16 10:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-16 10:52 . 2011-01-16 10:54 -------- d-----w- C:\490f851d5eb923a475a7
2011-01-16 08:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-16 08:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-16 08:14 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-16 08:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-16 08:12 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-16 08:12 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-16 08:11 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-16 08:10 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-16 08:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-16 07:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-15 13:10 . 2011-01-24 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-15 13:09 . 2011-01-15 13:10 4622344 ----a-w- C:\avg_free_stb_all_2011_1191_cnet.exe
2011-01-15 12:48 . 2011-01-15 12:49 -------- d-----w- c:\documents and settings\Administrator
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2011-01-13 14:47 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-13 14:47 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 14:45 . 2011-01-13 14:45 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 07:27 . 2010-12-31 07:27 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\YouTube Downloader
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Search Settings
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-12-30 20:36 . 2011-01-13 19:07 -------- d-----w- c:\program files\Application Updater
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\program files\Common Files\Spigot
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2008-10-17 21:05 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 00:03 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-04 00:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2004-08-04 00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:27 . 2004-08-03 23:55 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-09-07 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-04 00:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2004-08-03 23:56 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-10-09 10:37 . 2010-10-09 10:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 39408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Home Server.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Home Server.lnk
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2010-08-15 10:53 2964040 ----a-w- c:\program files\360Amigo\360Amigo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 20:33 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-09 10:37 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-08-15 10:35 6289216 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2008-12-08 11:33 1173384 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
2009-07-16 18:55 284024 ----atw- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuite.exe]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync2.exe]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 15:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2008-10-18 10:31 49152 ----a-w- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-18 08:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-21 08:13 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31-3-2009 11:04 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2-8-2009 13:34 130936]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-12-2008 20:30 642560]
R2 AmigoSvr;AmigoSvr;c:\program files\360Amigo\360Amigo.exe [15-8-2010 11:53 2964040]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 11:38 92008]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [12-7-2008 13:30 326688]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [19-10-2008 10:52 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [19-10-2008 10:52 6100]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [10-12-2008 20:40 223128]
S2 gupdate1c9ec206221a310;Google Update Service (gupdate1c9ec206221a310);c:\program files\Google\Update\GoogleUpdate.exe [13-6-2009 13:13 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9-10-2010 11:37 30192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18-10-2008 9:41 348752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2009-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-18 19:03]
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 12:13]
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 12:13]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ccfa9f67.default\
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 14:10
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\webcheck.dll
.
Voltooingstijd: 2011-01-24 14:15:25
ComboFix-quarantined-files.txt 2011-01-24 13:15
ComboFix2.txt 2011-01-24 11:40
Pre-Run: 5.591.814.144 bytes beschikbaar
Post-Run: 5.592.514.560 bytes beschikbaar
- - End Of File - - EE1D0558E4ACC77CF13352B0FCA568D2
ComboFix 11-01-23.07 - Gebruiker 24-01-2011 14:03:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.735.500 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-24 to 2011-01-24 ))))))))))))))))))))))))))))))
.
2011-01-24 12:32 . 2011-01-24 12:32 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG10
2011-01-24 12:30 . 2011-01-24 12:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-24 12:10 . 2011-01-24 12:10 -------- d-----w- c:\windows\Internet Logs
2011-01-23 10:21 . 2011-01-24 12:49 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend
2011-01-23 07:55 . 2008-04-14 21:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-23 07:55 . 2008-04-14 21:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-23 07:54 . 2008-04-14 21:09 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-01-23 07:54 . 2008-04-14 21:09 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-01-16 10:56 . 2011-01-16 10:56 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-16 10:56 . 2011-01-16 10:56 -------- d-----w- c:\program files\MSBuild
2011-01-16 10:55 . 2011-01-16 10:55 -------- d-----w- c:\program files\Reference Assemblies
2011-01-16 10:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-16 10:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-16 10:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-16 10:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-16 10:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-16 10:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-16 10:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-16 10:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-16 10:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-16 10:52 . 2011-01-16 10:54 -------- d-----w- C:\490f851d5eb923a475a7
2011-01-16 08:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-16 08:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-16 08:14 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-16 08:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-16 08:12 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-16 08:12 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-16 08:11 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-16 08:10 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-16 08:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-16 07:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-15 13:10 . 2011-01-24 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-15 13:09 . 2011-01-15 13:10 4622344 ----a-w- C:\avg_free_stb_all_2011_1191_cnet.exe
2011-01-15 12:48 . 2011-01-15 12:49 -------- d-----w- c:\documents and settings\Administrator
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2011-01-13 14:47 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-13 14:47 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 14:47 . 2011-01-13 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 14:45 . 2011-01-13 14:45 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 07:27 . 2010-12-31 07:27 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\YouTube Downloader
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Search Settings
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-12-30 20:36 . 2011-01-13 19:07 -------- d-----w- c:\program files\Application Updater
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-12-30 20:36 . 2010-12-30 20:36 -------- d-----w- c:\program files\Common Files\Spigot
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2008-10-17 21:05 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 00:03 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-04 00:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2004-08-04 00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:27 . 2004-08-03 23:55 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-09-07 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-04 00:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2004-08-03 23:56 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-10-09 10:37 . 2010-10-09 10:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 39408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Home Server.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Home Server.lnk
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2010-08-15 10:53 2964040 ----a-w- c:\program files\360Amigo\360Amigo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 20:33 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-09 10:37 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-08-15 10:35 6289216 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2008-12-08 11:33 1173384 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
2009-07-16 18:55 284024 ----atw- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuite.exe]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync2.exe]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 15:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2008-10-18 10:31 49152 ----a-w- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-18 08:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-21 08:13 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31-3-2009 11:04 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2-8-2009 13:34 130936]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-12-2008 20:30 642560]
R2 AmigoSvr;AmigoSvr;c:\program files\360Amigo\360Amigo.exe [15-8-2010 11:53 2964040]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 11:38 92008]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [12-7-2008 13:30 326688]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [19-10-2008 10:52 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [19-10-2008 10:52 6100]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [10-12-2008 20:40 223128]
S2 gupdate1c9ec206221a310;Google Update Service (gupdate1c9ec206221a310);c:\program files\Google\Update\GoogleUpdate.exe [13-6-2009 13:13 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9-10-2010 11:37 30192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18-10-2008 9:41 348752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2009-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-18 19:03]
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 12:13]
2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 12:13]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ccfa9f67.default\
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 14:10
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\webcheck.dll
.
Voltooingstijd: 2011-01-24 14:15:25
ComboFix-quarantined-files.txt 2011-01-24 13:15
ComboFix2.txt 2011-01-24 11:40
Pre-Run: 5.591.814.144 bytes beschikbaar
Post-Run: 5.592.514.560 bytes beschikbaar
- - End Of File - - EE1D0558E4ACC77CF13352B0FCA568D2
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door arpido » wo 26 jan 2011, 13:24
Jazeker, het lijkt er sterk op dat e.e.a. nu een stuk beter loopt.
Wat is er feitelijk veranderd?
Bedankt voor de bijstand.
Wat is er feitelijk veranderd?
Bedankt voor de bijstand.
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
Re: Trage computer
door Juisterr » wo 26 jan 2011, 14:07
Mbam had het ergste al verwijderd, combofix deed de rest.
Ga naar Start - Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.
Voorbeeld:
Uitvoeren kan ook gestart worden door de toetsencombinatie
Vertel nu even of je nog problemen ondervindt?
Ga naar Start - Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.
Voorbeeld:
Uitvoeren kan ook gestart worden door de toetsencombinatie
Vertel nu even of je nog problemen ondervindt?
-
Juisterr - Beveiligings Analist
- Berichten: 1384
- Geregistreerd: ma 10 mei 2010, 19:28
- Woonplaats: Kotje aan de kust
Re: Trage computer
door arpido » do 27 jan 2011, 13:10
Systeempje draait prima. Binnenkort open ik een nieuwe topic. Deze laptop heeft namelijk nog een zusje en vermoedelijk is deze ook vervuild geraakt.
Nogmaals mijn dank.
Nogmaals mijn dank.
- arpido
- Pionier
- Berichten: 60
- Geregistreerd: do 13 jan 2011, 16:37
18 berichten
• Pagina 1 van 1
Keer terug naar Opgeloste logs
Wie is er online
Gebruikers op dit forum: Geen geregistreerde gebruikers. en 0 gasten
