Your system is locked

  • lg

    I can only operate this laptop in safe mode.

    Otherwise I get the message "your system is locked" and it hangs.

    So I have not been able to follow the step-by-step plan.

    This is what I have managed so far:

    AdwCleaner v2.115 - Verslag gemaakt op 27/03/2013 om 08:46:02

    # Geactualiseerd op 17/03/2013 door Xplode

    # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)

    # Gebruiker : Mart - MART

    # Opstarten Modus : Veillige modus met netwerk

    # Gelanceerd vanaf : C:\Documents and Settings\Mart\Bureaublad\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    ***** *****

    ***** *****

    -\\ Internet Explorer v8.0.6001.18702

    Het register bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Databaseversie: v2013.03.26.11

    Windows XP Service Pack 3 x86 NTFS (Veilige modus)

    Internet Explorer 8.0.6001.18702

    Mart :: MART

    27-3-2013 8:07:42

    mbam-log-2013-03-27 (08-07-42).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 224007

    Verstreken tijd: 8 minuut/minuten, 42 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 4

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\housecalllauncher.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Mart at 2013-03-27 08:31:57

    Microsoft Windows XP Professional Service Pack 3

    System drive C: has 7 GB (17%) free of 40 GB

    Total RAM: 2038 MB (86% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:32:06, on 27-3-2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Safe mode with network support

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Mart\Bureaublad\RSIT.exe

    C:\Program Files\trend micro\Mart.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O4 - HKLM\..\Run: C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: sm56hlpr.exe

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s

    O4 - HKLM\..\Run: "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"

    O4 - HKLM\..\Run: C:\Program Files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}\kcdynangs.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

    O4 - HKCU\..\Run: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\Run: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    O4 - HKCU\..\Run: C:\Program Files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}\kcdynangs.exe

    O4 - HKCU\..\Run: C:\Documents and Settings\Mart\Application Data\cpu.vbs

    O4 - HKCU\..\Run: C:\Documents and Settings\Mart\Application Data\gpu.vbs

    O4 - HKCU\..\Run: "C:\Documents and Settings\Mart\Application Data\47HEVC0ad.exe"

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - c:\WINDOWS\system32\o2flash.exe

    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe

    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe

    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe

    O23 - Service: Panda Host Service (PSHost) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE

    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe

    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe

    End of file - 10064 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

  • Ben

    Hello,

    Do the following; if the PC still does not boot normally, then do it in safe mode with networking.

    Would you go to the VirusTotal site.

    Copy and paste: C:\Program Files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}\kcdynangs.exe

    in front of the Choose File button and click Scan it!.

    Wait for the result, save it and paste it in your next post.

    Click Reanalyse if the file has already been scanned before.

    Download ComboFix

    >>Here<<, you can read how to use ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    *. Disable all antivirus and antispyware programs, as otherwise they may conflict with ComboFix.

    Here is a guide on how to disable them: here or here

    *. The computer may need to be restarted several times; this is normal.

    *. Double-click "Combofix.exe" to start the tool.

    *. Windows XP users will, if necessary, be asked to install the "Recovery Console"; allow this (an active internet connection is required for this).

    *. Do not click in the ComboFix window while it is active, as this can cause the tool to hang.

    * Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

    *. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    Regards, Ben

  • lg

    The line in question cannot be found in c:\program files……………

    I do come across it via CCleaner Startup; I set it to disabled there.

    ComboFix 13-03-27.01 - Mart 27-03-2013 13:12:22.1.2 - x86 NETWORK

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1575

    Gestart vanuit: c:\documents and settings\Mart\Bureaublad\ComboFix.exe

    AV: Panda Antivirus Pro 2012 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}

    FW: Panda Personal Firewall 2012 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Mart\Application Data\47HEVC0ad.exe

    c:\documents and settings\Mart\Application Data\cpu.vbs

    c:\documents and settings\Mart\Application Data\gpu.vbs

    c:\documents and settings\Mart\Application Data\QKIFR6Lmmememem.exe

    c:\documents and settings\Mart\Mijn documenten\~WRL0483.tmp

    c:\windows\system32\AegisI5Installer.exe

    c:\windows\system32\dllcache\wuaueng.dll.new

    c:\windows\system32\drivers\etc\hosts.ics

    c:\windows\system32\SET15A.tmp

    c:\windows\system32\SET166.tmp

    c:\windows\system32\URTTemp

    c:\windows\system32\URTTemp\fusion.dll

    c:\windows\system32\URTTemp\mscoree.dll

    c:\windows\system32\URTTemp\mscoree.dll.local

    c:\windows\system32\URTTemp\mscorsn.dll

    c:\windows\system32\URTTemp\mscorwks.dll

    c:\windows\system32\URTTemp\msvcr71.dll

    c:\windows\system32\URTTemp\regtlib.exe

    c:\windows\wininit.ini

    D:\install.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-02-27 to 2013-03-27 ))))))))))))))))))))))))))))))

    .

    .

    2013-03-27 07:31 . 2013-03-27 07:32 -------- d-----w- c:\program files\trend micro

    2013-03-27 07:31 . 2013-03-27 07:32 -------- d-----w- C:\rsit

    2013-03-26 16:39 . 2013-03-26 16:39 -------- d-----w- c:\documents and settings\Mart\Application Data\Malwarebytes

    2013-03-26 16:39 . 2013-03-26 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2013-03-26 16:38 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-26 16:38 . 2013-03-26 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-03-26 08:31 . 2013-03-26 08:32 -------- d-----w- c:\documents and settings\Mart\Application Data\Reversecoinc

    2013-03-26 08:30 . 2013-03-26 08:32 -------- d-----w- c:\documents and settings\Mart\Application Data\Reversecoing

    2013-03-26 06:55 . 2013-03-26 06:55 -------- d-sh--w- c:\program files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}

    2013-03-22 13:54 . 2013-03-03 00:34 84992 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\zlib1.dll

    2013-03-22 13:54 . 2013-03-03 00:34 602624 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libcurl.dll

    2013-03-22 13:54 . 2013-03-03 00:34 352768 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\ssleay32.dll

    2013-03-22 13:54 . 2013-03-03 00:34 192512 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libidn-11.dll

    2013-03-22 13:54 . 2013-03-03 00:34 170496 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libssh2.dll

    2013-03-22 13:54 . 2013-03-03 00:34 1664000 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libeay32.dll

    2013-03-22 13:54 . 2013-03-03 00:34 133632 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\librtmp.dll

    2013-03-22 13:54 . 2013-03-03 00:34 110094 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libusb-1.0.dll

    2013-03-21 17:43 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

    2013-03-21 17:43 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

    2013-03-20 11:32 . 2013-03-20 11:32 -------- d-----w- c:\program files\TomTom International B.V

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-13 16:20 . 2012-04-04 05:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-03-13 16:20 . 2011-05-16 05:48 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-02-12 00:32 . 2010-10-12 11:58 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

    2013-02-12 00:32 . 2004-09-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

    2013-02-05 20:15 . 2004-09-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2013-02-05 20:15 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2013-02-05 20:14 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-02-05 05:55 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2013-01-26 03:55 . 2004-09-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

    2013-01-07 07:27 . 2004-09-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-07 07:26 . 2004-08-04 00:58 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-04 10:10 . 2005-10-06 03:11 1867392 ----a-w- c:\windows\system32\win32k.sys

    2013-01-02 06:49 . 2005-08-30 03:56 1296384 ----a-w- c:\windows\system32\quartz.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe"

    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe"

    "Skype"="c:\program files\Skype\Phone\Skype.exe"

    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

    .

    "ehTray"="c:\windows\ehome\ehtray.exe"

    "igfxtray"="c:\windows\system32\igfxtray.exe"

    "igfxhkcmd"="c:\windows\system32\hkcmd.exe"

    "igfxpers"="c:\windows\system32\igfxpers.exe"

    "SMSERIAL"="sm56hlpr.exe"

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe"

    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "RTHDCPL"="RTHDCPL.EXE"

    "RMl"="c:\program files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}\kcdynangs.exe"

    .

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    .

    2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll

    .

    @="Service"

    .

    2011-04-13 15:06 1000768 ----a-w- c:\program files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe

    .

    2013-03-26 06:54 327680 ---h--r- c:\program files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}\kcdynangs.exe

    .

    2011-02-02 09:59 70464 ----a-w- c:\program files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe

    .

    "EnableFirewall"= 0 (0x0)

    .

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Panda Security\\Panda Antivirus Pro 2012\\ApVxdWin.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

    "53:UDP"= 53:UDP:Realtek AP UDP Prot

    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    .

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys

    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys

    R1 NETFLTDI;Panda Net Driver ;c:\windows\system32\drivers\NETFLTDI.SYS

    R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys

    S0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys

    S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS

    S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys

    S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys

    S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys

    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys

    S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys

    S2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys

    S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys

    S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2012\psksvc.exe

    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe

    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe

    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys

    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe

    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys

    S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys

    S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys

    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys

    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys

    .

    HPService REG_MULTI_SZ HPSLPSVC

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.0.1

    .

    .

    ------- Bestandsassociaties -------

    .

    JSEFile=c:\progra~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    HKCU-Run-btccpu - c:\documents and settings\Mart\Application Data\cpu.vbs

    HKCU-Run-btcgpu - c:\documents and settings\Mart\Application Data\gpu.vbs

    HKCU-Run-Audio Drivers - c:\documents and settings\Mart\Application Data\47HEVC0ad.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-03-27 13:17

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1168)

    c:\windows\SYSTEM32\avldr.dll

    .

    Voltooingstijd: 2013-03-27 13:19:01

    ComboFix-quarantined-files.txt 2013-03-27 12:18

    .

    Pre-Run: 7.184.171.008 bytes beschikbaar

    Post-Run: 9.240.592.384 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    .

    - - End Of File - - 4C73E20E2DC64A885DF1A7302A22F25F

  • Ben

    Hello,

    If you do not recognise rmload either, we are going to remove it:

    Open a Notepad file. (Start>All Programs>Accessories>Notepad),

    copy and paste the following (the bold, blue text) into the empty Notepad window:

    Folder::

    c:\program files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}

    Registry::

    "RMl"=-

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt in your next reply.

    Let me know whether the PC boots normally again after this.

    Regards, Ben

  • lg

    ComboFix 13-03-27.01 - Mart 27-03-2013 18:44:47.2.2 - x86 NETWORK

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1623

    Gestart vanuit: c:\documents and settings\Mart\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Mart\Bureaublad\CFScript.txt

    AV: Panda Antivirus Pro 2012 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}

    FW: Panda Personal Firewall 2012 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}

    c:\program files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}\kcdynangs.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-02-27 to 2013-03-27 ))))))))))))))))))))))))))))))

    .

    .

    2013-03-27 07:31 . 2013-03-27 07:32 -------- d-----w- c:\program files\trend micro

    2013-03-27 07:31 . 2013-03-27 07:32 -------- d-----w- C:\rsit

    2013-03-26 16:39 . 2013-03-26 16:39 -------- d-----w- c:\documents and settings\Mart\Application Data\Malwarebytes

    2013-03-26 16:39 . 2013-03-26 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2013-03-26 16:38 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-26 16:38 . 2013-03-26 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-03-26 08:31 . 2013-03-26 08:32 -------- d-----w- c:\documents and settings\Mart\Application Data\Reversecoinc

    2013-03-26 08:30 . 2013-03-26 08:32 -------- d-----w- c:\documents and settings\Mart\Application Data\Reversecoing

    2013-03-22 13:54 . 2013-03-03 00:34 84992 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\zlib1.dll

    2013-03-22 13:54 . 2013-03-03 00:34 602624 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libcurl.dll

    2013-03-22 13:54 . 2013-03-03 00:34 352768 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\ssleay32.dll

    2013-03-22 13:54 . 2013-03-03 00:34 192512 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libidn-11.dll

    2013-03-22 13:54 . 2013-03-03 00:34 170496 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libssh2.dll

    2013-03-22 13:54 . 2013-03-03 00:34 1664000 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libeay32.dll

    2013-03-22 13:54 . 2013-03-03 00:34 133632 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\librtmp.dll

    2013-03-22 13:54 . 2013-03-03 00:34 110094 ----a-w- c:\documents and settings\Mart\Application Data\Microsoft\g\libusb-1.0.dll

    2013-03-21 17:43 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

    2013-03-21 17:43 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

    2013-03-20 11:32 . 2013-03-20 11:32 -------- d-----w- c:\program files\TomTom International B.V

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-13 16:20 . 2012-04-04 05:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-03-13 16:20 . 2011-05-16 05:48 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-02-12 00:32 . 2010-10-12 11:58 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

    2013-02-12 00:32 . 2004-09-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

    2013-02-05 20:15 . 2004-09-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2013-02-05 20:15 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2013-02-05 20:14 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-02-05 05:55 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2013-01-26 03:55 . 2004-09-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

    2013-01-07 07:27 . 2004-09-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-07 07:26 . 2004-08-04 00:58 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-04 10:10 . 2005-10-06 03:11 1867392 ----a-w- c:\windows\system32\win32k.sys

    2013-01-02 06:49 . 2005-08-30 03:56 1296384 ----a-w- c:\windows\system32\quartz.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe"

    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe"

    "Skype"="c:\program files\Skype\Phone\Skype.exe"

    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

    .

    "ehTray"="c:\windows\ehome\ehtray.exe"

    "igfxtray"="c:\windows\system32\igfxtray.exe"

    "igfxhkcmd"="c:\windows\system32\hkcmd.exe"

    "igfxpers"="c:\windows\system32\igfxpers.exe"

    "SMSERIAL"="sm56hlpr.exe"

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe"

    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "RTHDCPL"="RTHDCPL.EXE"

    .

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    .

    2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll

    .

    @="Service"

    .

    2011-04-13 15:06 1000768 ----a-w- c:\program files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe

    .

    2011-02-02 09:59 70464 ----a-w- c:\program files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe

    .

    "EnableFirewall"= 0 (0x0)

    .

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Panda Security\\Panda Antivirus Pro 2012\\ApVxdWin.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

    "53:UDP"= 53:UDP:Realtek AP UDP Prot

    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    .

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys

    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys

    R1 NETFLTDI;Panda Net Driver ;c:\windows\system32\drivers\NETFLTDI.SYS

    R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys

    S0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys

    S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS

    S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys

    S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys

    S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys

    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys

    S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys

    S2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys

    S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys

    S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2012\psksvc.exe

    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe

    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe

    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys

    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe

    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys

    S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys

    S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys

    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys

    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys

    .

    HPService REG_MULTI_SZ HPSLPSVC

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.0.1

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    HKCU-Run-RMl - c:\program files\Common Files\rmload.{2227A280-3AEA-1069-A2DE-08002B30309D}\kcdynangs.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-03-27 18:52

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1168)

    c:\windows\system32\avldr.dll

    .

    Voltooingstijd: 2013-03-27 18:54:58

    ComboFix-quarantined-files.txt 2013-03-27 17:54

    ComboFix2.txt 2013-03-27 12:19

    .

    Pre-Run: 9.228.664.832 bytes beschikbaar

    Post-Run: 9.236.254.720 bytes beschikbaar

    .

    - - End Of File - - C52B6D4D9FB4918E8EDD4CA9C10554FF

    We're going to test it.

  • lg

    At the moment it boots normally again.

    Tomorrow I'll update Java, since that is also out of date.

    If everything stays quiet, it's working normally again.

    Thanks again for thinking along.

    Lg

  • Ben

    Hello,

    I'd still like to look a bit further:

    Download zoek.exe to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    (Here or here) you can read how to do that.

    * Double-click Zoek.exe to start the tool.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Wait patiently until a log opens (this may be after a restart, if one is required).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Now post the contents of the opened log in your next reply.

    Regards, Ben

  • lg

    As requested:

    Zoek.exe Version 4.0.0.2 Updated 23-03-2013

    Tool run by Mart on wo 27-03-2013 at 20:49:11,68.

    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

    Running in: Normal Mode Internet Access Detected

    ==== Suspicious Entries Found ======================

    "427:TCP"="427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP"

    "427:UDP"="427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP"

    "139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"

    "445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"

    "137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"

    "138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

    "3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

    "427:TCP"="427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP"

    "427:UDP"="427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP"

    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

    "1542:TCP"="1542:TCP:*:Enabled:Realtek WPS TCP Prot"

    "1542:UDP"="1542:UDP:*:Enabled:Realtek WPS UDP Prot"

    "53:UDP"="53:UDP:*:Enabled:Realtek AP UDP Prot"

    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

    "139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"

    "445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"

    "137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"

    "138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"

    "3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe

    C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Creative\Shared Files\CTDevSrv.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\WINDOWS\system32\o2flash.exe

    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe

    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe

    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe

    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe

    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\WINDOWS\ehome\mcrdsvc.exe

    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe

    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\sm56hlpr.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe

    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Creative\Software Update 3\SoftAuto.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Documents and Settings\Mart\Bureaublad\zoek.exe

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    C:\WINDOWS\system32\svchost.exe -k rpcss

    C:\WINDOWS\system32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

    C:\WINDOWS\system32\svchost.exe -k HPService

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    ==== System Specs ======================

    Windows: Windows XP Professional Service Pack 3 (Build 2600)

    Internet Explorer: 8.0.6001.18702

    Memory (RAM): 2039 MB

    CPU Info: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz

    CPU Speed: 1309,1 MHz

    Sound Card: Realtek HD Audio output |

    Display Adapters: Mobile Intel(R) 945GM Express Chipset Family | Mobile Intel(R) 945GM Express Chipset Family | NetMeeting driver | RDPDD Chained DD

    Monitors: 1x; Plug en Play-monitor | Plug en Play-monitor |

    Screen Resolution: 1280 X 800 - 32 bit

    Network: Network Present

    Network Adapters: Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Pakketplanner-minipoort | Intel(R) PRO/Wireless 3945ABG Network Connection - Pakketplanner-minipoort

    CD / DVD Drives: 1x (E: | ) E: PHILIPS DVD+-RW SDVD8820

    Ports: COM3 LPT Port NOT Present.

    Mouse: 3 Button Wheel Mouse Present

    Hard Disks: C: 39,1GB | D: 72,7GB

    Hard Disks - Free: C: 8,6GB | D: 11,0GB

    Manufacturer *: FUJITSU SIEMENS

    BIOS Info: AT/AT COMPATIBLE | 08/15/06 | MSTEST - 6040000

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: FUJITSU SIEMENS AMILO Pi 1505

    Sun Java version: 1.5.0_06

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\WINDOWS ====

    2013-03-27 12:06:05 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe

    2013-03-27 12:06:05 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe

    2013-03-27 12:06:05 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe

    2013-03-27 12:06:05 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe

    2013-03-27 12:06:05 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe

    ====== C:\DOCUME~1\Mart\LOCALS~1\Temp ====

    ====== C:\WINDOWS\system32 =====

    ====== C:\WINDOWS\system32\drivers =====

    2013-03-26 16:38:48 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

    ====== C:\WINDOWS\Tasks ======

    ====== C:\WINDOWS\Temp ======

    ======= C:\Program Files =====

    2013-03-27 07:31:58 -------- d-----w- C:\Program Files\trend micro

    2013-03-20 11:32:56 -------- d-----w- C:\Program Files\TomTom International B.V

    ======= C: =====

    2013-03-27 12:10:23 0EDE1857B713B8CCEAA7E97C072EB2AE 209 ----a-w- C:\Boot.bak

    2013-03-27 12:10:21 271E9B6A3AEC7BCA63D9231A4B3575C0 261936 --sha-r- C:\cmldr

    2013-03-27 07:46:02 696614036BF8767E089AAEBFF62D137F 846 ----a-w- C:\AdwCleaner.txt

    2013-03-27 06:58:27 177992638BB1DE1745389080E629757B 792 ----a-w- C:\AdwCleaner.txt

    2013-03-27 06:57:52 C24BB2CBC95C34D9B367684B8CC0F2A2 728 ----a-w- C:\AdwCleaner.txt

    ====== C:\Documents and Settings\Mart\Application Data ======

    2013-03-26 09:30:25 F66D96BE856CAB07F0CE2F6F71F28BC2 1934 ----a-w- C:\Documents and Settings\Mart\Application Data\link2.png

    2013-03-26 09:30:25 DC6E3A079439E7E2B8F74311DB625817 605589 ----a-w- C:\Documents and Settings\Mart\Application Data\screen.png

    2013-03-26 09:30:25 D1DD83002C672CA457D69BBD70B27B53 1813 ----a-w- C:\Documents and Settings\Mart\Application Data\link1.png

    2013-03-26 09:30:25 9A3C5A057CB01C83E1437E0496AD65A8 1483 ----a-w- C:\Documents and Settings\Mart\Application Data\verify.png

    2013-03-26 09:30:25 29EE5222EDF879BF977CB228A9F7FEAC 82237 ----a-w- C:\Documents and Settings\Mart\Application Data\lock-screen.png

    2013-03-26 09:24:16 CF25758C8040D05BFBDD9109A1DA3420 72 ----a-w- C:\Documents and Settings\Mart\Application Data\nigga

    2013-03-26 08:31:45 -------- d-----w- C:\Documents and Settings\Mart\Application Data\Reversecoinc

    2013-03-26 08:30:47 -------- d-----w- C:\Documents and Settings\Mart\Application Data\Reversecoing

    ====== C:\Documents and Settings\Mart ======

    2013-03-27 19:44:36 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies

    2013-03-27 17:59:09 -------- d-sh--w- C:\Documents and Settings\LocalService\Cookies

    2013-03-26 06:54:37 -------- d-----w- C:\Documents and Settings\All Users\Local Settings

    ====== C: exe-files ==

    2013-03-27 12:10:20 5F1499F64F80AA219A94A5D945B3836D 610816 ----a-w- C:\cmdcons\autofmt.exe

    2013-03-27 12:10:20 3C200120F6E86A1A42EDA2E1E2D17AEC 619008 ----a-w- C:\cmdcons\autochk.exe

    2013-03-27 12:06:05 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe

    2013-03-27 12:06:05 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe

    2013-03-27 12:06:05 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe

    2013-03-27 12:06:05 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe

    2013-03-27 12:06:05 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe

    2013-03-27 07:31:58 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Mart.exe

    2013-03-27 07:31:12 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Mart\Bureaublad\RSIT.exe

    2013-03-27 06:56:50 EC4961D7E0F6ACEF4E8446E062048D88 609993 ----a-w- C:\Documents and Settings\Mart\Bureaublad\adwcleaner.exe

    2013-03-26 08:31:56 87D1A7B2EE03157FD5C9254883AF0E66 1521816 ----a-w- C:\Documents and Settings\Mart\Application Data\Reversecoinc\bitcoinminerdll.exe

    2013-03-26 08:31:16 D4F7FF7C708D41070991ABCC04757D97 1822058 ----a-w- C:\Documents and Settings\Mart\Application Data\Reversecoing\bitcoinminerdll.exe

    2013-03-22 06:10:28 D13879F9A51F6F8C6AC33A5B86694E9F 24449680 ----a-w- C:\Program Files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.3.8542.exe

    === C: other files ==

    2013-03-26 16:38:48 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

    2013-03-21 17:43:35 B4D7B7AD8A9F7C063C5CC3E2C1A0724E 12928 -c----w- C:\WINDOWS\system32\dllcache\usb8023x.sys

    2013-03-21 17:43:35 B4D7B7AD8A9F7C063C5CC3E2C1A0724E 12928 ------w- C:\WINDOWS\Driver Cache\i386\usb8023x.sys

    2013-03-21 17:43:35 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B 12928 -c----w- C:\WINDOWS\system32\dllcache\usb8023.sys

    ==== Startup Registry Enabled ======================

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

    "SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"

    "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

    "ehTray"="C:\WINDOWS\ehome\ehtray.exe"

    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe"

    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe"

    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe"

    "SMSERIAL"="sm56hlpr.exe"

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    "DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

    "RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "RTHDCPL"="RTHDCPL.EXE"

    "SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"

    "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

    ==== Startup Registry Disabled ======================

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="APVXDWIN"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Panda Security\\Panda Antivirus Pro 2012\\APVXDWIN.EXE\" /s"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="SCANINICIO"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Panda Security\\Panda Antivirus Pro 2012\\Inicio.exe\""

    ==== Startup Folders ======================

    2010-10-12 12:28:38 1808 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

    ==== Task Scheduler Jobs ======================

    C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------

    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://www.startpagina.nl/"

    @="http://www.google.com/search?q=%s"

    "Default_Search_URL"="http://www.google.com/ie"

    New Values:

    "Start Page"="http://www.startpagina.nl/"

    "(Default)"="http://search.msn.com/results.asp?q=%s"

    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== HijackThis Entries ======================

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O4 - HKLM\..\Run: C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: sm56hlpr.exe

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKCU\..\Run: "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

    O4 - HKCU\..\Run: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\Run: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - c:\WINDOWS\system32\o2flash.exe

    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe

    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe

    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe

    O23 - Service: Panda Host Service (PSHost) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE

    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe

    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe

    ==== Empty IE Cache ======================

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Documents and Settings\Mart\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied

    C:\DOCUME~1\Mart\LOCALS~1\Temp successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

    "C:\Documents and Settings\Mart\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

    "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

  • fazantje

    Hi LG,

    Looks good.

    You can just delete zoek.exe.

    Combofix as follows:

    Go to Start.

    Copy and paste: Combofix /Uninstall into the Start search box.

    Press ENTER and confirm with OK.

    If all goes well, you will then get a message that Combofix has been removed.

    Empty your Recycle Bin and also delete your System Restore points and create a new one; to create a new one, see:

    1. Click My Computer.

    2. Right-click the drive in question and click Properties.

    3. Go to the General tab and click Disk Cleanup.

    4. Go to 'More Options' and, under System Restore, click Clean up.

    5. If you want to delete all restore points except the most recent one, click Yes.

    Regards, Huib ;)

  • lg

    Last steps carried out.

    The laptop works normally again.

    Thanks on behalf of the owner.

This topic is closed; no more replies can be posted.