veel troep en trojans?

marcel

20-06-2013 17:42

hoi Ben
klopt dat account “mama”
systeencare verwijderd
logjes
Zoek.exe Version 4.0.0.2 Updated 18-June-2013
Tool run by manon on do 20-06-2013 at 16:12:40,62.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
C:\zoek-results19-06-2013-2241.log 18870 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
“WajamUpdater”=-
“3389:TCP”=-
“65533:TCP”=-
“52344:TCP”=-
“3389:TCP”=-
“65533:TCP”=-
“52344:TCP”=-
==== Deleting Files \ Folders ======================
“c:\documents and settings\All Users\Application Data\3936\204640.dat” deleted
“c:\documents and settings\All Users\Application Data\3936\204656.dll” deleted
“c:\documents and settings\All Users\Application Data\3936\lmbd.dll” deleted
“c:\documents and settings\All Users\Application Data\3936\msxx.dat” deleted
“c:\documents and settings\All Users\Application Data\3936\vvve.dat” deleted
“c:\documents and settings\All Users\Application Data\3936” deleted
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.google.com/webhp?hl=nl”
New Values:
“Start Page”=“http://www.google.com/webhp?hl=nl”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
“DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
{5BFE9EDA-43A4-4406-AC64-DF39EB1223B9} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS”
{6575846F-1D65-4E0F-BE76-1F68DD71BF66} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
==== Empty IE Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\janneke\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\janneke\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\manon\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Documents and Settings\manon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\WINDOWS\TEMP successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
“C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat” not deleted
==== EOF on do 20-06-2013 at 16:21:10,01 ======================
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-20 16:31:16
—————————–
16:31:16.906 OS Version: Windows 5.1.2600 Service Pack 3
16:31:16.906 Number of processors: 2 586 0x407
16:31:16.906 ComputerName: UW-259CBE6449D1 UserName: manon
16:31:17.734 Initialize success
16:53:25.453 AVAST engine defs: 13062001
16:53:40.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
16:53:40.093 Disk 0 Vendor: WDC_WD2500JS-55NCB1 10.02E01 Size: 238475MB BusType: 3
16:53:40.187 Disk 0 MBR read successfully
16:53:40.187 Disk 0 MBR scan
16:53:40.187 Disk 0 Windows XP default MBR code
16:53:40.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
16:53:40.187 Disk 0 scanning sectors +488392065
16:53:40.250 Disk 0 scanning C:\WINDOWS\system32\drivers
16:53:53.328 Service scanning
16:54:12.234 Modules scanning
16:54:19.000 Disk 0 trace - called modules:
16:54:19.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:54:19.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0
16:54:19.031 3 CLASSPNP.SYS -> nt!IofCallDriver -> \Device\00000073
16:54:19.031 5 ACPI.sys -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5
16:54:19.734 AVAST engine scan C:\WINDOWS
16:54:31.703 AVAST engine scan C:\WINDOWS\system32
16:58:21.609 AVAST engine scan C:\WINDOWS\system32\drivers
16:58:50.140 AVAST engine scan C:\Documents and Settings\manon
17:11:19.890 AVAST engine scan C:\Documents and Settings\All Users
17:14:33.734 Scan finished successfully
17:38:11.484 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\manon\Bureaublad\MBR.dat”
17:38:11.500 The log file has been saved successfully to “C:\Documents and Settings\manon\Bureaublad\aswMBR.txt”
Ben

20-06-2013 18:08

Hallo,
Download DDS en bewaar het op je bureaublad.
(Schakel programma's uit die het scripts blokkeren, zoals je Antivirus indien je problemen tijdens het uitvoeren ondervindt.)
Dubbelklik op dds.scr om de tool te starten.
Na het voltooien van de scan worden 2 tekstbestanden geopend :
DDS.txt en
Attach.txt
Sla beide tekstbestanden op op je bureaublad, waarna je het “D.D.S. - How to post the logs” venstertje mag sluiten door op OK te klikken..
=> Kopieer en plak ENKEL het DDS.txt log in je volgende post. (Het Attach.txt log post je enkel indien een Helper je hierom expliciet vraagt !!)
Vertel ook hoe het verder gaat.
Gr.Ben
marcel

20-06-2013 18:18

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
Run by manon at 18:15:05 on 2013-06-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.532
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?hl=nl
uProxyOverride = 127.0.0.1;*.local
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: c:\windows\system32\ctfmon.exe
mRun: c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
dRun: c:\windows\system32\CTFMON.EXE
dRun: “c:\progra~1\common~1\micros~1\dw\dwtrig20.exe” -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} -
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353790306718
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{569E45D2-5D2E-441E-BCDA-21ADD0E8C094} : DHCPNameServer = 212.54.40.25 212.54.35.25
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: WindowsCopy - {312BED3C-A901-4203-B4F2-ADCB957D1887} - c:\documents and settings\all users\application data\3936\lmbd.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys
R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys –> c:\windows\system32\drivers\xcpip.sys
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys –> c:\program files\enigma software group\spyhunter\esgiguard.sys
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe
S3 s494.sys;s494.sys;\??\c:\windows\system32\drivers\s494.sys –> c:\windows\system32\drivers\s494.sys
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe
S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\adblock.dll –> c:\program files\lavasoft\personal firewall\kernel\ADBLOCK.DLL
S4 ARP.DLL;ARP.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\arp.dll –> c:\program files\lavasoft\personal firewall\kernel\ARP.DLL
S4 CONTENT.DLL;CONTENT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\content.dll –> c:\program files\lavasoft\personal firewall\kernel\CONTENT.DLL
S4 DNSCACHE.DLL;DNSCACHE.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\dnscache.dll –> c:\program files\lavasoft\personal firewall\kernel\DNSCACHE.DLL
S4 FTPFILT.DLL;FTPFILT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\ftpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\FTPFILT.DLL
S4 HTMLFILT.DLL;HTMLFILT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\htmlfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\HTMLFILT.DLL
S4 HTTPFILT.DLL;HTTPFILT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\httpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\HTTPFILT.DLL
S4 IMAPFILT.DLL;IMAPFILT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\imapfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\IMAPFILT.DLL
S4 MAILFILT.DLL;MAILFILT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\mailfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\MAILFILT.DLL
S4 NNTPFILT.DLL;NNTPFILT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\nntpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\NNTPFILT.DLL
S4 POP3FILT.DLL;POP3FILT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\pop3filt.dll –> c:\program files\lavasoft\personal firewall\kernel\POP3FILT.DLL
S4 PROTECT.DLL;PROTECT.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\protect.dll –> c:\program files\lavasoft\personal firewall\kernel\PROTECT.DLL
S4 SECRET.DLL;SECRET.DLL;\??\c:\program files\lavasoft\personal firewall\kernel\secret.dll –> c:\program files\lavasoft\personal firewall\kernel\SECRET.DLL
.
=============== Created Last 30 ================
.
2013-06-20 14:17:39 24064 -c–a-w- c:\windows\zoek-delete.exe
2013-06-19 15:34:30 ——– dc—-w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-06-19 15:34:29 ——– dc—-w- c:\documents and settings\all users\application data\IObit
2013-06-19 15:34:27 ——– dc—-w- c:\documents and settings\manon\application data\IObit
2013-06-19 12:41:19 ——– dc-h–r- c:\documents and settings\manon\Onlangs geopend
2013-06-19 12:22:40 ——– dc—-w- c:\windows\ERUNT
.
==================== Find3M ====================
.
2013-05-07 22:27:23 920064 -c–a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27:23 43520 -c–a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:27:22 1469440 -c–a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:55 385024 -c–a-w- c:\windows\system32\html.iec
2013-05-03 05:39:10 2154496 -c–a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39:10 2033152 -c–a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-26 06:37:20 146944 -csha-r- c:\windows\system32\umpnpmgr1.dll
2013-04-12 14:01:38 1876480 -c–a-w- c:\windows\system32\win32k.sys
2013-04-04 12:50:32 22856 -c–a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:33:22 237088 -c—-w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:15:55,32 ===============
marcel

20-06-2013 18:24

hoi Ben pc draaid best allen dat “beveiligingscentrum blijft niet benaderbaar”
in Configscherm
en ik zie dat lafasoft er ook niet af wil he in de logjes
heb in verleden als eens op nieuw geinstall en dan verwijderd ( was jullie idee toen) maar dat hielp ook niet
gr marcel.
Ben

20-06-2013 18:37

Hallo,
Gaan we nog maals:
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
Dubbelklik op Zoek.exe om de tool te starten.
Kopieer nu het onderstaande vet gedrukte code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
ADBLOCK.DLL;s
c:\program files\lavasoft;fs
ARP.DLL;s
CONTENT.DLL;s
DNSCACHE.DLL;s
FTPFILT.DLL;s
HTMLFILT.DLL;s
HTTPFILT.DLL;s
IMAPFILT.DLL;s
MAILFILT.DLL;s
NNTPFILT.DLL;s
POP3FILT.DLL;s
PROTECT.DLL;s
SECRET.DLL;s
c:\windows\system32\drivers\s494.sys;f
s494.sys;s
c:\documents and settings\all users\application data\IObit;f
c:\documents and settings\manon\application data\IObit;f
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als het nodig is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post nu de inhoud van het geopende logje in het volgende bericht.
Download ESET Service Repair naar het bureaublad.
Open de service repair tool (ServiceRepair.exe).
Windows 7 en Vista gebruikers rechtsklik -> uitvoeren als Administrator.
Wanneer je een beveiligings waarschuwing krijgt klik je op doorgaan of ja om door te gaan.
Wanneer de tool klaar is zal er gevraagd worden om de computer te herstarten, klik op ja om te herstarten.
Als het goed is zal de tool een log maken deze is nu terug te vinden in de map CC Support.
Plaats het logje genaamd: CC Support\Logs\SvcRepair.txt
Vertel hoe het hierna gaat.
Gr.Ben
marcel

20-06-2013 18:57

logjes
Zoek.exe Version 4.0.0.2 Updated 18-June-2013
Tool run by manon on do 20-06-2013 at 18:45:06,20.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
C:\zoek-results19-06-2013-2241.log 18870 bytes
C:\zoek-results20-06-2013-1621.log 4549 bytes
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADBLOCK.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ADBLOCK.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ARP.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ARP.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CONTENT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\CONTENT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCACHE.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\DNSCACHE.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FTPFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FTPFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTMLFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\HTMLFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\HTTPFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IMAPFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\IMAPFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MAILFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MAILFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNTPFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\NNTPFILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\POP3FILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\POP3FILT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PROTECT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PROTECT.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SECRET.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SECRET.DLL deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s494.sys deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\s494.sys deleted successfully
==== Deleting Files \ Folders ======================
“c:\windows\system32\drivers\s494.sys” not found
“c:\program files\lavasoft” not found
“c:\documents and settings\all users\application data\IObit\Install.ini” deleted
“c:\documents and settings\all users\application data\IObit\Public.ini” deleted
“c:\documents and settings\manon\application data\IObit\Uninstall Programs.lnk” deleted
“c:\documents and settings\all users\application data\IObit\Advanced SystemCare V6\AscService.ini” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Ignore.ini” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\JFilterkey.dbd” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\License.log” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Main.ini” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\PFilterkey.dbd” deleted
“c:\documents and settings\manon\application data\IObit\IObit Uninstaller\Select.ini” deleted
“c:\documents and settings\manon\application data\IObit\IObit Uninstaller\SoftwareCache.ini” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Backup\ASCBackup32-2013-06-19(17-38-20).reg” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Downloader\ASC.exe_20130619.log” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Internet Booster\ASCChromeBak.dat” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Internet Booster\ASCInternetBak.dat” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Internet Booster\Config.ini” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Internet Booster\Ignore.ini” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Internet Booster\Local State.bk” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Internet Booster\Preferences.bk” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Log\ASCLog-2013-06-19(17-38-20).txt” deleted
“c:\documents and settings\manon\application data\IObit\IObit Uninstaller\Log\2013-06-19.log” deleted
“c:\documents and settings\all users\application data\IObit” deleted
“c:\documents and settings\manon\application data\IObit” deleted
“c:\documents and settings\all users\application data\IObit\Advanced SystemCare V6” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6” deleted
“c:\documents and settings\manon\application data\IObit\IObit Uninstaller” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Backup” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Boottime” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Downloader” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Internet Booster” deleted
“c:\documents and settings\manon\application data\IObit\Advanced SystemCare V6\Log” deleted
“c:\documents and settings\manon\application data\IObit\IObit Uninstaller\Log” deleted
==== EOF on do 20-06-2013 at 18:47:13,76 ======================
Log Opened: 2013-06-20 @ 18:49:52
18:49:52 - —————–
18:49:52 - | Begin Logging |
18:49:52 - —————–
18:49:52 - Fix started on a WIN_XP X86 computer
18:49:52 - Prep in progress. Please Wait.
18:49:54 - Prep complete
18:49:54 - Repairing Services Now. Please wait…
18:49:54 - Services Repair Complete.
18:50:09 - Reboot Initiated
Ben

20-06-2013 20:01

Hallo,
Hoe gaat het hierna?
Gr.Ben
marcel

20-06-2013 20:18

pc draaid prima
allen beveiligingcentrum is nog steeds niet beschikbaar om dat ie niet gestart is of hij is gestopt
zet ik m aan op automatich in service dan 1 sec en hij staat weer op uitgeschakeld
gr marcel
Ben

20-06-2013 20:25

Hallo,
Kijken of het volgende helpt:
Download
Farbar Service Scanner naar het bureaublad.
Dubbelklik op FSS.exe om de tool te starten.
Vink vervolgende de onderstaande items aan.
Internet Services
Windows Firewall
System Restore
Security Center / Action Center
Windows Update
Other Services
Klik vervolgens op de knop "Scan".
Er zal u een logbestand aangemaakt worden (FSS.txt) op dezelfde plaats vanwaar de ‘tool’ is gestart.
Plaats de inhoud hiervan in uw volgende bericht als.
Gr.Ben
marcel

20-06-2013 20:44

Farbar Service Scanner Version: 16-06-2013
Ran by manon (administrator) on 20-06-2013 at 20:43:01
Running from “C:\Documents and Settings\manon\Bureaublad”
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of Dnscache. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Dnscache. The value does not exist.
Unable to retrieve ServiceDll of Dnscache. The value does not exist.
Checking LEGACY_Dnscache: ATTENTION!=====> Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
- - 0126976 ___AC (Microsoft Corporation) 146AB038F5DBB366122D28444999AB2C
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
- - 0045568 ___AC (Microsoft Corporation) DE6CDB6CBC5C27B9085CFA6DFE8E5025
C:\WINDOWS\system32\ipnathlp.dll
- - 0332288 ___AC (Microsoft Corporation) 7579C4BE909D47F10F3D8D801CB13ED9
C:\WINDOWS\system32\netman.dll
- - 0198144 ___AC (Microsoft Corporation) 5431FB616ECAE0D587C5B97D0B86CBD8
C:\WINDOWS\system32\wbem\WMIsvc.dll
- - 0145408 ___AC (Microsoft Corporation) F9E105F369C18E4001E0C05AAF600D73
C:\WINDOWS\system32\srsvc.dll
- - 0171008 ___AC (Microsoft Corporation) 81CBF363C414620CAA61BD6843D8FDB9
C:\WINDOWS\system32\Drivers\sr.sys
- - 0073472 ___AC (Microsoft Corporation) 64D2A7640E0767ECD3BCB38D3200E7CE
C:\WINDOWS\system32\wscsvc.dll
- - 0080896 ___AC (Microsoft Corporation) 843F7FA8EA38E6A4262976DCC994C81A
C:\WINDOWS\system32\wbem\WMIsvc.dll
- - 0145408 ___AC (Microsoft Corporation) F9E105F369C18E4001E0C05AAF600D73
C:\WINDOWS\system32\wuauserv.dll
- - 0006656 ___AC (Microsoft Corporation) 1E8FDDDEF3FE260BADAB06DAE10D753A
C:\WINDOWS\system32\qmgr.dll
- - 0409088 ___AC (Microsoft Corporation) 5C0073A51C4873430FA8B262E92183FF
C:\WINDOWS\system32\es.dll
- - 0253952 ___AC (Microsoft Corporation) 97912DC0679D2DA60CCE589BBC196D72
C:\WINDOWS\system32\cryptsvc.dll
- - 0062464 ___AC (Microsoft Corporation) 0A9CF5D3CF63A8699F28C814EF821C7E
C:\WINDOWS\system32\svchost.exe
- - 0014336 ___AC (Microsoft Corporation) E410EC73E2BE2A41D923B006F51C8427
C:\WINDOWS\system32\rpcss.dll
- - 0401408 ___AC (Microsoft Corporation) D9883335CC1C17AFC3A09C8AC3E4DBE4
C:\WINDOWS\system32\services.exe
- - 0111104 ___AC (Microsoft Corporation) 657B69389B893F440B07590C9E963F23
Extra List:
=======
fssfltr(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) xcpip(3) xpsec(4)
0x0B000000040000000100000002000000030000000A000000080000000C0000000500000006000000090000000B000000
IpSec Tag value is correct.
**** End of log ****

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.

veel troep en trojans?

marcel

Ben

marcel

marcel

Ben

marcel

Ben

marcel

Ben

marcel