Okay, I'll wait until tomorrow
because reinstalling everything doesn't appeal to me.....
Regards, and thanks
Hello Glenn,
The only thing you can try is running ComboFix (and even then???), which already doesn't work properly on your PC, and that in itself indicates there is more going on.
Otherwise, in my opinion too, do what Huib and JosH recommend: a reinstall?
That gives you a fresh, properly working PC again.
http://antivirus.startpagina.nl/prikbord/15028946/15032477/re-problemen-opstart–logje#msg-15032477
You can try the following.
BE SURE TO FILL IN YOUR OWN NAME IN PLACE OF Gebruiker!!!!!
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
File::
c:\users\Gebruiker\AppData\Roaming\czuauc.ex
Registry::
Registry::
“Czuauc”=-
Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will cause ComboFix to restart.
Reboot if asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Regards, Ben
ComboFix report
ComboFix 12-01-09.03 - 15-01-2012 9:52.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1791.754
Gestart vanuit: c:\users\\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- VERMINDERDE FUNCTIONALITEIT MODUS -
.
FILE ::
“c:\users\Gebruiker\AppData\Roaming\czuauc.ex”
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu1850644286v4.kwd
c:\programdata\SysWoW32\mu1850644286v5.kwd
c:\programdata\SysWoW32\mu1850644286v6.kwd
c:\programdata\SysWoW32\mu1850644286v7.kwd
c:\programdata\SysWoW32\wu1850644286v0
c:\programdata\SysWoW32\wu1850644286v0.kwd
c:\programdata\SysWoW32\wu1850644286v1.kwd
c:\programdata\SysWoW32\wu1850644286v2.kwd
c:\programdata\SysWoW32\wu1850644286v3.kwd
c:\users\\AppData\Roaming\Secure-Soft Stealer
c:\users\\AppData\Roaming\winlog
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-15 to 2012-01-15 ))))))))))))))))))))))))))))))
.
.
2012-01-15 08:56 . 2012-01-15 09:05 ——– d—–w- c:\users\\AppData\Local\temp
2012-01-15 08:56 . 2012-01-15 08:56 ——– d—–w- c:\users\yfl\AppData\Local\temp
2012-01-15 08:56 . 2012-01-15 08:56 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-15 08:56 . 2012-01-15 08:56 ——– d—–w- c:\users\Public\AppData\Local\temp
2012-01-15 08:56 . 2012-01-15 08:56 ——– d—–w- c:\users\\AppData\Local\temp
2012-01-15 08:56 . 2012-01-15 08:56 ——– d—–w- c:\users\Default\AppData\Local\temp
2012-01-15 06:42 . 2012-01-15 06:42 63115 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-01-15 06:42 . 2012-01-15 06:42 8646 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-01-15 06:42 . 2012-01-15 06:42 6429 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-01-15 06:42 . 2012-01-15 06:42 4599 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-01-15 06:42 . 2012-01-15 06:42 9310 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-01-15 06:42 . 2012-01-15 06:42 5927 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-01-15 06:42 . 2012-01-15 06:42 8613 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-01-15 06:42 . 2012-01-15 06:42 1651 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-01-15 06:42 . 2012-01-15 06:42 6910 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-01-15 06:42 . 2012-01-15 06:42 8288 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-01-15 06:42 . 2012-01-15 06:42 6208 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-01-15 06:42 . 2012-01-15 06:42 18541 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-01-15 06:41 . 2012-01-15 06:41 51852 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-01-15 06:41 . 2012-01-15 06:41 20719 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-01-15 06:41 . 2012-01-15 06:41 23327 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-01-15 06:41 . 2012-01-15 06:41 8782 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-01-15 06:41 . 2012-01-15 06:41 7271 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-01-14 09:07 . 2012-01-14 09:07 ——– d—–w- c:\users\\AppData\Roaming\AVG2012
2012-01-14 09:05 . 2012-01-15 07:14 ——– d—–w- c:\windows\system32\drivers\AVG
2012-01-14 09:05 . 2012-01-14 09:13 ——– d—–w- c:\programdata\AVG2012
2012-01-14 08:38 . 2012-01-14 08:38 388096 —-a-r- c:\users\\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-13 19:00 . 2012-01-13 19:00 ——– d—–w- c:\users\/AppData\Roaming\Nend Software
2012-01-13 19:00 . 2010-01-06 12:13 506368 —-a-w- c:\windows\system32\sqlite3.dll
2012-01-13 19:00 . 2012-01-13 19:00 ——– d—–w- c:\program files\Nend Software
2012-01-13 17:08 . 2012-01-13 17:08 ——– d—–w- c:\users\\AppData\Roaming\Crown
2012-01-13 17:08 . 2012-01-13 17:08 ——– d—–w- c:\programdata\Crown
2012-01-13 17:07 . 2011-11-21 10:47 6823496 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6358D95B-CC4B-408A-A6AD-0DDD81FA4CB8}\mpengine.dll
2012-01-13 16:37 . 2012-01-13 16:46 ——– d—–w- c:\users\\AppData\Roaming\thecleaner
2012-01-12 16:10 . 2012-01-12 16:10 ——– d—–w- c:\users\\AppData\Roaming\DriverDokterSoftware
2012-01-12 16:10 . 2012-01-12 16:10 ——– d—–w- c:\users\\AppData\Roaming\DeviceDoctorSoftware
2012-01-11 16:21 . 2011-11-17 06:48 440192 —-a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 16:21 . 2011-11-16 16:23 278528 —-a-w- c:\windows\system32\schannel.dll
2012-01-11 16:21 . 2011-11-16 16:21 1259008 —-a-w- c:\windows\system32\lsasrv.dll
2012-01-11 16:21 . 2011-11-16 16:23 377344 —-a-w- c:\windows\system32\winhttp.dll
2012-01-11 16:21 . 2011-11-16 16:23 72704 —-a-w- c:\windows\system32\secur32.dll
2012-01-11 16:21 . 2011-11-16 14:12 9728 —-a-w- c:\windows\system32\lsass.exe
2012-01-11 14:23 . 2011-10-14 16:03 189952 —-a-w- c:\windows\system32\winmm.dll
2012-01-11 14:23 . 2011-10-14 16:00 23552 —-a-w- c:\windows\system32\mciseq.dll
2012-01-11 14:23 . 2011-11-18 20:23 1205064 —-a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:23 . 2011-11-18 17:47 66560 —-a-w- c:\windows\system32\packager.dll
2012-01-11 14:23 . 2011-11-25 15:59 376320 —-a-w- c:\windows\system32\winsrv.dll
2012-01-11 14:23 . 2011-12-01 15:21 2409784 —-a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 14:23 . 2011-10-25 15:58 1314816 —-a-w- c:\windows\system32\quartz.dll
2012-01-11 14:23 . 2011-10-25 15:58 497152 —-a-w- c:\windows\system32\qdvd.dll
2012-01-10 17:58 . 2012-01-10 17:58 ——– d—–w- c:\users\\AppData\Roaming\Alawar Entertainment
2012-01-07 15:44 . 2012-01-07 15:44 ——– d—–w- c:\users\\AppData\Roaming\PlayPond
2012-01-06 19:03 . 2012-01-06 19:03 ——– d—–w- c:\users\\AppData\Roaming\Boolat Games
2012-01-01 14:27 . 2011-10-19 21:16 20312 —-a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-29 11:55 . 2011-12-29 11:55 ——– d—–w- c:\users\\AppData\Roaming\game
2011-12-29 11:32 . 2012-01-06 18:50 ——– d—–w- c:\program files\Hidden World of Art - NL
2011-12-29 11:31 . 2012-01-06 18:49 ——– d—–w- c:\program files\Hidden World of Art 2 - NL
2011-12-28 19:54 . 2011-12-28 19:54 ——– d—–w- c:\users\\AppData\Roaming\Playrix Entertainment
2011-12-28 19:18 . 2011-12-28 19:18 ——– d—–w- c:\users\\AppData\Roaming\Frozen Kingdom
2011-12-28 11:41 . 2011-12-28 11:41 1169736 —-a-w- c:\users\\AppData\Roaming\Czuauc.exe
2011-12-28 11:41 . 2011-12-28 11:41 ——– d—–w- c:\program files\Macabre Mysteries - Curse of the Nightingale
2011-12-25 09:47 . 2011-12-25 09:47 ——– d—–w- c:\users\\AppData\Roaming\DVD Flick
2011-12-25 09:46 . 2003-01-26 12:41 40960 —-a-w- c:\windows\system32\ssubtmr6.dll
2011-12-25 09:46 . 2008-08-31 12:27 28672 —-a-w- c:\windows\system32\mousewheel.ocx
2011-12-25 09:46 . 2007-08-31 17:36 36864 —-a-w- c:\windows\system32\trayicon_handler.ocx
2011-12-25 09:46 . 2004-03-08 23:00 662288 —-a-w- c:\windows\system32\mscomct2.ocx
2011-12-25 09:46 . 2004-03-08 23:00 609824 —-a-w- c:\windows\system32\comctl32.ocx
2011-12-25 09:46 . 2004-03-08 23:00 212240 —-a-w- c:\windows\system32\richtx32.ocx
2011-12-25 09:46 . 1998-06-23 23:00 164144 —-a-w- c:\windows\system32\comct232.ocx
2011-12-25 09:46 . 2011-12-25 09:46 ——– d—–w- c:\program files\DVD Flick
2011-12-20 18:31 . 2011-12-20 18:31 ——– d—–w- c:\users\\AppData\Roaming\gogii
2011-12-20 18:31 . 2011-12-20 18:31 ——– d—–w- c:\programdata\gogii
2011-12-18 10:37 . 2011-12-18 10:37 ——– d—–w- c:\users\\AppData\Roaming\Casual Arts
2011-12-18 10:37 . 2011-12-18 10:37 ——– d—–w- c:\programdata\Casual Arts
2011-12-16 18:21 . 2011-12-16 18:21 ——– d—–w- c:\programdata\PDVD
2011-12-16 18:20 . 2011-12-16 18:20 ——– d—–w- c:\users\\AppData\Local\MediaServer
2011-12-16 18:16 . 2011-12-16 18:17 ——– d—–w- c:\programdata\install_clap
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 17:55 . 2011-10-30 10:20 31552 —-a-w- c:\windows\system32\TURegOpt.exe
2011-12-19 17:50 . 2011-10-30 10:20 21312 —-a-w- c:\windows\system32\authuitu.dll
2011-12-19 17:50 . 2011-10-30 10:20 29504 —-a-w- c:\windows\system32\uxtuneup.dll
2011-12-16 05:25 . 2011-12-16 05:25 637848 —-a-w- c:\windows\system32\npdeployJava1.dll
2011-12-16 05:25 . 2010-04-17 05:55 567184 —-a-w- c:\windows\system32\deployJava1.dll
2011-12-10 14:24 . 2010-06-25 10:59 20464 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 08:50 . 2011-12-07 08:49 253952 ——w- c:\windows\Setup1.exe
2011-12-07 08:50 . 2011-12-07 08:49 74752 —-a-w- c:\windows\ST6UNST.EXE
2011-11-23 16:27 . 2011-11-23 16:27 161792 —-a-w- c:\windows\system32\msls31.dll
2011-11-23 16:27 . 2011-11-23 16:27 76800 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-23 16:27 . 2011-11-23 16:27 74752 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-23 16:27 . 2011-11-23 16:27 86528 —-a-w- c:\windows\system32\iesysprep.dll
2011-11-23 16:27 . 2011-11-23 16:27 63488 —-a-w- c:\windows\system32\tdc.ocx
2011-11-23 16:27 . 2011-11-23 16:27 48640 —-a-w- c:\windows\system32\mshtmler.dll
2011-11-23 16:27 . 2011-11-23 16:27 367104 —-a-w- c:\windows\system32\html.iec
2011-11-23 16:27 . 2011-11-23 16:27 74752 —-a-w- c:\windows\system32\iesetup.dll
2011-11-23 16:27 . 2011-11-23 16:27 23552 —-a-w- c:\windows\system32\licmgr10.dll
2011-11-23 16:27 . 2011-11-23 16:27 152064 —-a-w- c:\windows\system32\wextract.exe
2011-11-23 16:27 . 2011-11-23 16:27 150528 —-a-w- c:\windows\system32\iexpress.exe
2011-11-23 16:27 . 2011-11-23 16:27 420864 —-a-w- c:\windows\system32\vbscript.dll
2011-11-23 16:27 . 2011-11-23 16:27 142848 —-a-w- c:\windows\system32\ieUnatt.exe
2011-11-23 16:27 . 2011-11-23 16:27 11776 —-a-w- c:\windows\system32\mshta.exe
2011-11-23 16:27 . 2011-11-23 16:27 101888 —-a-w- c:\windows\system32\admparse.dll
2011-11-23 16:27 . 2011-11-23 16:27 35840 —-a-w- c:\windows\system32\imgutil.dll
2011-11-23 16:27 . 2011-11-23 16:27 110592 —-a-w- c:\windows\system32\IEAdvpack.dll
2011-11-23 13:37 . 2011-12-14 14:38 2043904 —-a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-14 14:38 2048 —-a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 20:49 1798144 —-a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 20:49 1427456 —-a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 20:49 1127424 —-a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 20:49 2382848 —-a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-14 14:38 3602816 —-a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-14 14:38 3550080 —-a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-14 14:38 49152 —-a-w- c:\windows\system32\csrsrv.dll
2011-10-25 14:42 . 2011-10-25 14:38 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 13:43 . 2009-05-16 19:10 362240 —-a-w- c:\windows\system32\TuneUpDefragService.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”
.
“AVG_TRAY”=“c:\program files\AVG\AVG2012\avgtray.exe”
.
“EnableUIADesktopToggle”= 0 (0x0)
“HideFastUserSwitching”= 0 (0x0)
.
“AppInit_DLLs”=c:\windows\System32\guard32.dll
.
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup
.
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTD Watchdog Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAIDstP Jmicron Corp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zesko_McciTrayApp
.
2007-01-18 12:03 79416 —-a-w- c:\program files\Packard Bell\FIJI\ABoard.exe
.
2011-06-06 10:55 937920 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
2011-11-12 09:42 1647448 —-a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
2011-09-27 06:22 59240 —-a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
2010-03-13 13:54 91520 —-a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
.
2011-12-28 11:41 1169736 —-a-w- c:\users\\AppData\Roaming\Czuauc.exe
.
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
2011-11-12 23:24 421736 —-a-w- c:\program files\iTunes\iTunesHelper.exe
.
2011-12-24 16:50 981680 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
2011-12-24 16:50 981680 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
2010-07-01 10:43 220336 ——w- c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe
.
2010-04-16 21:12 3872080 —-a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
2010-03-26 14:10 2114808 —-a-w- c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe
.
2010-09-30 09:47 93360 ——w- c:\program files\Olympus\ib\olycamdetect.exe
.
2010-11-29 15:38 421888 —-a-w- c:\program files\VistaCodecPack\QT\QTTask.exe
.
2011-09-14 13:48 230696 —-a-w- c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe
.
2009-12-10 18:30 8120864 ——w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
2011-09-30 11:19 252296 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” /background
“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” -autorun
“WMPNSCFG”=c:\program files\Windows Media Player\WMPNSCFG.exe
“Czuauc”=c:\users\\AppData\Roaming\Czuauc.exe
.
“HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe
“NvMediaCenter”=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
“toolbar_eula_launcher”=c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
“c:\windows\system32\V0260Ext.ax”=c:\windows\system32\RegSvr32.exe /s c:\windows\system32\V0260Ext.ax
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”
“QuickTime Task”=“c:\program files\VistaCodecPack\QT\QTTask.exe” -atboottime
.
“DisableMonitoring”=dword:00000001
.
“DisableMonitoring”=dword:00000001
.
“DisableMonitoring”=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe
.
.
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
2009-03-04 15:32 8192 —-a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhoud van de ‘Gedeelde Taken’ map
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2009-11-13 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.startpagina.nl/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: ziggo.nl\thuishelp
TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
TCP: Interfaces\{44B7DDEE-EA59-47B0-9C9C-C51672A8F138}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{77BF9EC4-708F-44E9-8305-D33291DCA91A}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-15 10:05
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
“ImagePath”=“\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
“OODEFRAG12.00.00.01PROFESSIONAL”=“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”
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:00000000
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > ‘winlogon.exe’(1084)
c:\windows\System32\guard32.dll
.
- - - - - - - > ‘lsass.exe’(960)
c:\windows\System32\guard32.dll
.
Voltooingstijd: 2012-01-15 10:09:33
ComboFix-quarantined-files.txt 2012-01-15 09:09
ComboFix2.txt 2012-01-13 22:24
.
Pre-Run: 144.857.870.336 bytes beschikbaar
Post-Run: 144.847.568.896 bytes beschikbaar
.
- - End Of File - - 090652048F65959D86F0C1DE72E44457
Hi Glenn,
Are you running an illegal version of Vista? This is what I read from ComboFix:
Either illegal or not registered (so then also illegal).
Apart from that, ComboFix has done its job.
How are your problems now? :S
Remove ComboFix again, in the following way:
Download OTC exe here.
Place the file on your desktop.
Make sure there is an internet connection.
Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
If that doesn't work, double-click the icon.
Now click the "CleanUp!" button.
If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.
Finally, OTC will ask whether you want to restart the computer; you may allow this, and in doing so it also removes itself.
Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.
I'm sticking with a reinstall given the facts you describe, but fine, it's your computer/choice.
Greetings, Huib ;)
Hello Huib / fazantje
I'll do OTC in a moment, because of the many backups I'm making right now
no, it is completely legal. PC bought at Media Markt / Packard Bell 4 years ago
and I live in Holland / the north
P.S. I'm very careful with name, place, etc. because I've had bad experiences with that sort of thing
thanks for your help
I only heard the 2 beeps while ComboFix was running… nothing more