Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's
Geert
Hallo,
ik heb nu internet met beperkte verbinding :-S (zit nu op mn eigen PC)
Morgen ga ik maar even kijken of ik het internet weer aan de praat krijg bij de PC van mn vader ….
Gr.
Geert
Hallo,
hierbij de log van Combofix:
ComboFix 12-08-14.05 - Johan 14-08-2012 22:08:14.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1015.440
Gestart vanuit: c:\users\Johan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-14 to 2012-08-14 ))))))))))))))))))))))))))))))
.
.
2012-08-14 20:19 . 2012-08-14 20:21 ——– d—–w- c:\users\Johan\AppData\Local\temp
2012-08-14 20:19 . 2012-08-14 20:19 ——– d—–w- c:\users\Default\AppData\Local\temp
2012-08-14 18:06 . 2012-08-14 18:06 ——– d—–w- c:\program files\7-Zip
2012-08-10 10:45 . 2012-06-29 08:44 6891424 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BD2F029-B32A-4AF8-A573-736F2E61F2D7}\mpengine.dll
2012-08-07 06:31 . 2012-08-07 06:31 ——– d—–w- c:\programdata\WindowsSearch
2012-07-31 15:13 . 2012-07-31 15:13 ——– d—–w- c:\users\Johan\AppData\Roaming\SUPERAntiSpyware.com
2012-07-31 15:13 . 2012-07-31 15:13 ——– d—–w- c:\program files\SUPERAntiSpyware
2012-07-31 15:13 . 2012-07-31 15:13 ——– d—–w- c:\programdata\SUPERAntiSpyware.com
2012-07-17 22:07 . 2012-06-13 13:40 2047488 —-a-w- c:\windows\system32\win32k.sys
2012-07-17 08:17 . 2012-06-05 16:47 708608 —-a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-17 08:17 . 2012-06-05 16:47 1401856 —-a-w- c:\windows\system32\msxml6.dll
2012-07-17 08:17 . 2012-06-05 16:47 1248768 —-a-w- c:\windows\system32\msxml3.dll
2012-07-17 08:16 . 2012-06-04 15:26 440704 —-a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-17 08:16 . 2012-06-02 00:04 278528 —-a-w- c:\windows\system32\schannel.dll
2012-07-17 08:16 . 2012-06-02 00:03 204288 —-a-w- c:\windows\system32\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 18:31 . 2011-12-09 12:12 16400 —-a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-17 07:53 . 2011-12-09 14:17 52128 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-17 07:53 . 2011-12-09 14:17 83392 —-a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-17 07:53 . 2011-12-09 14:17 30624 —-a-w- c:\windows\system32\LMIport.dll
2012-07-17 07:53 . 2011-12-09 14:17 87456 —-a-w- c:\windows\system32\LMIinit.dll
2012-07-03 11:46 . 2011-12-05 19:26 22344 —-a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-18 23:13 53784 —-a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:13 45080 —-a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:12 35864 —-a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:12 577048 —-a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-18 23:13 1933848 —-a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-18 23:13 2422272 —-a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-18 23:12 88576 —-a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-18 23:12 171904 —-a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-18 23:12 33792 —-a-w- c:\windows\system32\wuapp.exe
2012-05-31 13:20 . 2011-12-09 14:17 87424 —-a-w- c:\windows\system32\LMIinit.dll.000.bak
2012-05-31 10:25 . 2010-08-28 09:32 237072 ——w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe”
.
“hpsysdrv”=“c:\hp\support\hpsysdrv.exe”
“KBD”=“c:\hp\KBD\KbdStub.EXE”
“RtHDVCpl”=“RtHDVCpl.exe”
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe”
“avgnt”=“c:\program files\Avira\AntiVir Desktop\avgnt.exe”
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
“Samsung PanelMgr”=“c:\windows\Samsung\PanelMgr\SSMMgr.exe”
“EvtMgr6”=“c:\program files\Logitech\SetPointP\SetPoint.exe”
“LogMeIn GUI”=“c:\program files\LogMeIn\x86\LogMeInSystray.exe”
“APSDaemon”=“c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
.
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
.
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL”
.
2011-05-04 17:54 551296 —-a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
@=“”
.
“DisableMonitoring”=dword:00000001
.
“DisableMonitoring”=dword:00000001
.
“DisableMonitoring”=dword:00000001
.
“EnableNotificationsRef”=dword:00000002
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
.
.
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de ‘Gedeelde Taken’ map
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-08-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 92d921e0-87ba-4365-9807-d731c2389bd0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe
.
2012-08-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ca0ba49a-810c-44d2-b803-ca47ebac3661.job
- c:\program files\SUPERAntiSpyware\SASTask.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.startpagina.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 22:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2012-08-14 22:25:55
ComboFix-quarantined-files.txt 2012-08-14 20:25
.
Pre-Run: 135.729.496.064 bytes beschikbaar
Post-Run: 135.697.051.648 bytes beschikbaar
.
- - End Of File - - E64D7FEAE4706B71CA5AB5938EA380A1
En de hijack log :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:44:48, on 14-8-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Johan\Desktop\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\21.0.1180.75\npchrome_frame.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: “C:\Program Files\LogMeIn\x86\LogMeInSystray.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: Accelerated graphics
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\21.0.1180.75\npchrome_frame.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SCM_Service - Unknown owner - C:\WINDOWS\System32\WinService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
–
End of file - 5632 bytes
Ik heb het idee dat voor de Combfix het systeem sneller draaide, dan na de combofix…..
Hoi Geert,
Ook het combo logje ziet er goed uit(tu)
Download OTC exe hier, om combo weer helemaal te verwijderen.
Plaats het bestand op je bureaublad.
Zorg dat er een internetverbinding is.
Klik vervolgens met je rechtermuisknop op OTCleanIt.exe en kies voor Run as Administrator (Nederlands: Uitvoeren als Administrator) om het programma te starten.
Lukt dat niet , dan dubbelklikken op het icoon.
Klik nu op de knop "CleanUp!"
Als je firewall, of een ander beveiligingsprogramma, een waarschuwing geeft dat OTC.exe internettoegang wil, mag je dit toestaan, het programma heeft die connectie nodig.
OTC zal als laatste vragen of je de computer herstarten wilt, dit mag je toestaan, hiermee verwijdert het zichzelf ook.
Soms kan traagheid ook veroorzaakt worden door jou provider, en door jou zelf, als je toevallig meerdere dingen gelijk aan het doen bent op jou computer.
Soms weet je het toch niet.
Hier heb ik ook wel eens van ojee, dus ff alles nakijken, maar blijkt toch loos alarm.
Groetjes Huib;)
Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.
