XP laptop can only be started in safe mode

  • Raimond

    Hello, Malwarebytes found nothing. My laptop does not get any further in XP than the login screen. I can enter my password, but after that it does nothing. I can start the laptop in safe mode, though. Below is the RSIT log. I hope someone can help me.

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Laptops4all at 2014-04-16 15:24:12

    Microsoft Windows XP Professional Service Pack 3

    System drive C: has 55 GB (73%) free of 76 GB

    Total RAM: 2038 MB (79% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:24:18, on 16-4-2014

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Safe mode with network support

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Laptops4all\Bureaublad\RSIT.exe

    C:\Program Files\trend micro\Laptops4all.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: “C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe” /tf Intel Wireless Tray

    O4 - HKLM\..\Run: C:\Program Files\DellTPad\Apoint.exe

    O4 - HKLM\..\Run: C:\Program Files\Dell\QuickSet\QuickSet.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O4 - Global Startup: Bluetooth Manager.lnk = ?

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289838520869

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1329323712173

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    End of file - 7062 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    C:\WINDOWS\tasks\At1.job

    C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

    C:\WINDOWS\tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job

    C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job

    =========Mozilla firefox=========

    ProfilePath - C:\Documents and Settings\Laptops4all\Application Data\Mozilla\Firefox\Profiles\kedz44ji.default

    prefs.js - “browser.search.useDBForOrder” - true

    “jqs@sun.com”=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

    “{20a82645-c095-46ed-80e3-08825760534b}”=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    “Description”=Adobe® Flash® Player 12.0.0.77 Plugin

    “Path”=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

    “Description”=Adobe Shockwave Player

    “Path”=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

    “Description”=McAfee Mss Plugin

    “Path”=C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    “Description”=Windows Presentation Foundation plug-in for Mozilla browsers

    “Path”=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

    ======Registry dump======

    MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll

    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    “SigmatelSysTrayApp”=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    “IgfxTray”=C:\WINDOWS\system32\igfxtray.exe

    “HotKeysCmds”=C:\WINDOWS\system32\hkcmd.exe

    “Persistence”=C:\WINDOWS\system32\igfxpers.exe

    “IntelZeroConfig”=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

    “IntelWireless”=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

    “Apoint”=C:\Program Files\DellTPad\Apoint.exe

    “Dell QuickSet”=C:\Program Files\Dell\QuickSet\QuickSet.exe

    “SunJavaUpdateSched”=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    “MSConfig”=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

    “CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    c:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Voipwise.com\Voipwise\voipwise.exe

    C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE

    C:\Documents and Settings\Laptops4all\Menu Start\Programma's\Opstarten\OneNote-inhoudsopgave.onetoc2

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

    McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

    C:\WINDOWS\system32\igfxdev.dll

    C:\WINDOWS\system32\WgaLogon.dll

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoDriveTypeAutoRun”=145

    “HonorAutoRunSetting”=1

    “%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”

    “%windir%\Network Diagnostic\xpnetdiag.exe”=“%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000”

    “C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook”

    “C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove”

    “C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote”

    “C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe”=“C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe:*:Enabled:Voipwise”

    “C:\WINDOWS\system32\rundll32.exe”=“C:\WINDOWS\system32\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten”

    “C:\WINDOWS\system32\dpvsetup.exe”=“C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test”

    “%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”

    “%windir%\Network Diagnostic\xpnetdiag.exe”=“%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000”

    “midimapper”=midimap.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msadpcm”=msadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.trspch”=tssoft32.acm

    “vidc.cvid”=iccvid.dll

    “vidc.I420”=msh263.drv

    “vidc.iv31”=ir32_32.dll

    “vidc.iv32”=ir32_32.dll

    “vidc.iv41”=ir41_32.ax

    “vidc.iyuv”=iyuv_32.dll

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvu9”=tsbyuv.dll

    “vidc.yvyu”=msyuv.dll

    “wavemapper”=msacm32.drv

    “msacm.msg723”=msg723.acm

    “vidc.M263”=msh263.drv

    “vidc.M261”=msh261.drv

    “msacm.msaudio1”=msaud32.acm

    “msacm.sl_anet”=sl_anet.acm

    “msacm.iac2”=C:\WINDOWS\system32\iac25_32.ax

    “vidc.iv50”=ir50_32.dll

    “msacm.l3acm”=C:\WINDOWS\system32\l3codeca.acm

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “VIDC.XVID”=xvidvfw.dll

    “msacm.ac3acm”=ac3acm.acm

    “VIDC.wmv3”=wmv9vcm.dll

    “VIDC.FFDS”=ff_vfw.dll

    ======List of files/folders created in the last 1 month======

    2014-04-16 15:15:59 ----D---- C:\Program Files\trend micro

    2014-04-16 15:15:58 ----D---- C:\rsit

    2014-04-16 15:09:17 ----SHD---- C:\WINDOWS\CSC

    2014-04-16 14:38:32 ----D---- C:\WINDOWS\pss

    2014-04-16 14:03:58 ----A---- C:\WINDOWS\ntbtlog.txt

    2014-04-09 18:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$

    2014-04-03 11:06:55 ----D---- C:\Elsevier

    2014-03-27 18:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$

    2014-03-27 14:04:51 ----N---- C:\WINDOWS\system32\xp_eos.exe

    2014-03-19 12:32:01 ----D---- C:\Program Files\Mozilla Firefox

    ======List of files/folders modified in the last 1 month======

    2014-04-16 15:15:59 ----RD---- C:\Program Files

    2014-04-16 15:15:47 ----D---- C:\WINDOWS\system32\drivers

    2014-04-16 15:09:25 ----D---- C:\Documents and Settings

    2014-04-16 15:09:17 ----D---- C:\WINDOWS

    2014-04-16 14:46:04 ----SH---- C:\boot.ini

    2014-04-16 14:46:04 ----A---- C:\WINDOWS\win.ini

    2014-04-16 14:46:04 ----A---- C:\WINDOWS\system.ini

    2014-04-16 14:42:50 ----SD---- C:\WINDOWS\Tasks

    2014-04-16 13:45:51 ----D---- C:\WINDOWS\Temp

    2014-04-16 09:36:21 ----A---- C:\WINDOWS\SchedLgU.Txt

    2014-04-16 09:36:10 ----HD---- C:\WINDOWS\inf

    2014-04-16 09:32:11 ----SHD---- C:\WINDOWS\Installer

    2014-04-16 09:32:08 ----D---- C:\WINDOWS\Prefetch

    2014-04-14 12:05:18 ----D---- C:\OpenAC

    2014-04-13 11:36:52 ----D---- C:\WINDOWS\system32

    2014-04-09 18:19:30 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

    2014-04-09 18:18:52 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2014-04-09 18:17:34 ----D---- C:\WINDOWS\system32\MRT

    2014-04-09 18:15:21 ----A---- C:\WINDOWS\system32\MRT.exe

    2014-04-09 18:15:07 ----A---- C:\WINDOWS\imsins.BAK

    2014-04-09 18:14:56 ----D---- C:\Program Files\Internet Explorer

    2014-04-09 18:14:48 ----D---- C:\WINDOWS\system32\CatRoot2

    2014-04-07 15:52:17 ----D---- C:\Program Files\DYMO Label

    2014-04-07 15:52:17 ----A---- C:\WINDOWS\iltwain.ini

    2014-04-03 11:10:14 ----D---- C:\Program Files\Microsoft Security Client

    2014-04-01 20:14:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    2014-03-31 10:59:43 ----SD---- C:\Documents and Settings\Laptops4all\Application Data\Microsoft

    2014-03-24 11:08:56 ----D---- C:\Program Files\Mozilla Maintenance Service

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys

    R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys

    R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys

    R1 WmiAcpi;Microsoft Windows Beheerinterface voor ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys

    R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

    R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys

    R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

    R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys

    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys

    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

    S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys

    S0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys

    S1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

    S1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys

    S1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys

    S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

    S2 s24trans;WLAN-transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys

    S3 ae6g9f2p;ae6g9f2p; C:\WINDOWS\system32\drivers\ae6g9f2p.sys

    S3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys

    S3 CSRBC;CSRBC.Sys CSR test driver; C:\WINDOWS\System32\Drivers\csrbcxp.sys

    S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys

    S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

    S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

    S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

    S3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys

    S3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys

    S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys

    S3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys

    S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys

    S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys

    S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

    S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

    S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys

    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys

    S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe

    S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe

    S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe

    S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    S2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

    S2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

    S2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    S2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe

    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    -----------------EOF-----------------

  • Raimond

    Here is the Malwarebytes log

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.01.07.02

    Windows XP Service Pack 3 x86 NTFS (Veilige modus)

    Internet Explorer 8.0.6001.18702

    Laptops4all :: DELL

    16-4-2014 14:35:38

    mbam-log-2014-04-16 (14-35-38).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 218075

    Verstreken tijd: 27 minuut/minuten, 39 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • Ben

    Hello,

    Run zoek.exe in safe mode with networking:

    First switch off the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see any error messages, please mention it in your reply.

    * Then double-click Zoek.exe to start the tool.

    * Now copy the code in bold below and paste it into the large input box:

    * Note: This script is written specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    C:\WINDOWS\tasks\At1.job;f

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next reply.

  • Raimond

    Here is the log from zoek.exe

    Zoek.exe v5.0.0.0 Updated 14-April-2014

    Tool run by Laptops4all on wo 16-04-2014 at 16:06:41,23.

    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

    Running in: Safe Mode NETWORK Internet Access Detected

    Launched: C:\Documents and Settings\Laptops4all\Bureaublad\zoek.exe

    ==== System Restore Info ======================

    Failed to create System Restore Point.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\CDF {67EA19A0-CCEF-11d0-8024-00C04FD75D13} %SystemRoot%\system32\shdocvw.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\MyDocuments {ECF03A33-103D-11d2-854D-006008059367} %SystemRoot%\system32\mydocs.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} ntshrui.dll

    ==== Empty Folders Check ======================

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alwil Software deleted successfully

    C:\Documents and Settings\Laptops4all\Application Data\Systweak deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\jqs@sun.com deleted successfully

    ==== Running Processes ======================

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Documents and Settings\Laptops4all\Bureaublad\zoek.exe

    C:\WINDOWS\system32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Documents and Settings\LAPTOP~1\Application Data\Mozilla\Firefox\Profiles\kedz44ji.default

    ---- Lines mysearchdial removed from prefs.js ----

    user_pref(“browser.search.defaultenginename”, “Mysearchdial”);

    user_pref(“browser.search.order.1”, “Mysearchdial”);

    user_pref(“extensions.mysearchdial.aflt”, “irmsd103aw”);

    user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”);

    user_pref(“extensions.mysearchdial.cd”, "2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1

    user_pref(“extensions.mysearchdial.cntry”, “NL”);

    user_pref(“extensions.mysearchdial.cr”, “1874739414”);

    user_pref(“extensions.mysearchdial.dfltLng”, “”);

    user_pref(“extensions.mysearchdial.dfltSrch”, true);

    user_pref(“extensions.mysearchdial.dnsErr”, true);

    user_pref(“extensions.mysearchdial.dpkLst”, "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,304628180

    user_pref(“extensions.mysearchdial.excTlbr”, false);

    user_pref(“extensions.mysearchdial.hdrMd5”, “”);

    user_pref(“extensions.mysearchdial.hmpg”, true);

    user_pref(“extensions.mysearchdial.hmpgUrl”, "http://start.mysearchdial.com/?f=1&a=irmsd103aw&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0

    user_pref(“extensions.mysearchdial.id”, “001D09C87B262D9C”);

    user_pref(“extensions.mysearchdial.instlDay”, “16026”);

    user_pref(“extensions.mysearchdial.instlRef”, “”);

    user_pref(“extensions.mysearchdial.lastB”, "http://start.mysearchdial.com/?f=1&a=irmsd103aw&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0Tz

    user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.21.020:30:31”);

    user_pref(“extensions.mysearchdial.newTabUrl”, "http://start.mysearchdial.com/?f=2&a=irmsd103aw&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0

    user_pref(“extensions.mysearchdial.pnu_base”, “{\”newVrsn\“:\”85\“,\”lastVrsn\“:\”85\“,\”vrsnLoad\“:\”\“,\”showMsg\“:\”false\“,\”showSilent\“:\”false\

    user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”);

    user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”);

    user_pref(“extensions.mysearchdial.sg”, “none”);

    user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”);

    user_pref(“extensions.mysearchdial.tlbrId”, “base”);

    user_pref(“extensions.mysearchdial.tlbrSrchUrl”, "http://start.mysearchdial.com/?f=3&a=irmsd103aw&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0Ct

    user_pref(“extensions.mysearchdial.vrsn”, “1.8.21.0”);

    user_pref(“extensions.mysearchdial.vrsni”, “1.8.21.0”);

    user_pref(“extensions.mysearchdial_i.hmpg”, true);

    user_pref(“extensions.mysearchdial_i.newTab”, false);

    user_pref(“extensions.mysearchdial_i.smplGrp”, “none”);

    user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.21.020:30:31”);

    ---- Lines mysearchdial removed from user.js ----

    user_pref(“extensions.mysearchdial.hmpg”, true);

    user_pref(“extensions.mysearchdial.hmpgUrl”, “http://start.mysearchdial.com/?f=1&a=irmsd103aw&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1874739414&ir=”);

    user_pref(“extensions.mysearchdial.dfltSrch”, true);

    user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”);

    user_pref(“extensions.mysearchdial.dnsErr”, true);

    user_pref(“extensions.mysearchdial_i.newTab”, false);

    user_pref(“extensions.mysearchdial.newTabUrl”, “http://start.mysearchdial.com/?f=2&a=irmsd103aw&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1874739414&ir=”);

    user_pref(“extensions.mysearchdial.tlbrSrchUrl”, “http://start.mysearchdial.com/?f=3&a=irmsd103aw&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1874739414&ir=&q=”);

    user_pref(“extensions.mysearchdial.id”, “001D09C87B262D9C”);

    user_pref(“extensions.mysearchdial.instlDay”, “16026”);

    user_pref(“extensions.mysearchdial.vrsn”, “1.8.21.0”);

    user_pref(“extensions.mysearchdial.vrsni”, “1.8.21.0”);

    user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.21.020:30:31”);

    user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”);

    user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”);

    user_pref(“extensions.mysearchdial.aflt”, “irmsd103aw”);

    user_pref(“extensions.mysearchdial_i.smplGrp”, “none”);

    user_pref(“extensions.mysearchdial.tlbrId”, “base”);

    user_pref(“extensions.mysearchdial.instlRef”, “”);

    user_pref(“extensions.mysearchdial.dfltLng”, “”);

    user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”);

    user_pref(“extensions.mysearchdial.excTlbr”, false);

    user_pref(“extensions.mysearchdial_i.hmpg”, true);

    user_pref(“extensions.mysearchdial.cr”, “1874739414”);

    user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R”);

    —- Lines jqs@sun.com modified from prefs.js —-

    user_pref(“extensions.installCache”, "

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t”

    “IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe”

    “HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe”

    “Persistence”=“C:\WINDOWS\system32\igfxpers.exe”

    “IntelZeroConfig”=“C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe”

    “IntelWireless”=“C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel Wireless Tray”

    “Apoint”=“C:\Program Files\DellTPad\Apoint.exe”

    “Dell QuickSet”=“C:\Program Files\Dell\QuickSet\QuickSet.exe”

    “SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    “MSConfig”=“C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto”

    “SigmatelSysTrayApp”=“%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe”

    “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”

    ==== Startup Registry Disabled ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“AdobeARM”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Reader_sl”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“GrooveMonitor”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“msseces”

    “hkey”=“HKLM”

    “command”=“\”c:\\Program Files\\Microsoft Security Client\\msseces.exe\“ -hide -runkey”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“msmsgs”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files\\Messenger\\msmsgs.exe\“ /background”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“voipwise”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files\\Voipwise.com\\Voipwise\\voipwise.exe\“ -nosplash -minimized”

    “path”=“C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\McAfee Security Scan Plus.lnk”

    “backup”=“C:\\WINDOWS\\pss\\McAfee Security Scan Plus.lnkCommon Startup”

    “command”=“C:\\PROGRA~1\\MCAFEE~1\\38B0E9~1.141\\SSSCHE~1.EXE ”

    “item”=“McAfee Security Scan Plus”

    “path”=“C:\\Documents and Settings\\Laptops4all\\Menu Start\\Programma's\\Opstarten\\OneNote 2007 Schermopname en Snel starten.lnk”

    “backup”=“C:\\WINDOWS\\pss\\OneNote 2007 Schermopname en Snel starten.lnkStartup”

    “command”=“C:\\PROGRA~1\\MICROS~4\\Office12\\ONENOTEM.EXE /tsr”

    “item”=“OneNote 2007 Schermopname en Snel starten”

    “path”=“C:\\Documents and Settings\\Laptops4all\\Menu Start\\Programma's\\Opstarten\\OneNote-inhoudsopgave.onetoc2”

    “backup”=“C:\\WINDOWS\\pss\\OneNote-inhoudsopgave.onetoc2Startup”

    “command”=“C:\\Documents and Settings\\Laptops4all\\Menu Start\\Programma's\\Opstarten\\OneNote-inhoudsopgave.onetoc2”

    “item”=“OneNote-inhoudsopgave”

    ==== Task Scheduler Jobs ======================

    C:\WINDOWS\tasks\Adobe Flash Player Updater.job –a—— C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job –ah—– C:\Program Files\Microsoft Security Client\MpCmdRun.exe

    C:\WINDOWS\tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job –a—— C:\WINDOWS\system32\xp_eos.exe

    C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job –a—— C:\WINDOWS\system32\xp_eos.exe

    ==== Folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 0-6 Months Old ======================

    2013-11-21 18:49:21 ——– d—–w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Caphyon

    2014-01-07 09:14:46 ——– d—–w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

    ==== Firefox Extensions Registry ======================

    “{20a82645-c095-46ed-80e3-08825760534b}”=“c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension”

    ==== Firefox Extensions ======================

    ProfilePath: C:\Documents and Settings\LAPTOP~1\Application Data\Mozilla\Firefox\Profiles\kedz44ji.default

    - MySearchDial - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi

    AppDir: C:\Program Files\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Documents and Settings\Laptops4all\Application Data\Mozilla\Firefox\Profiles\kedz44ji.default

    95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash

    01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In

    63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +

    AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat

    AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

    34E3709244736B8976820F730E5A8815 - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll - Java(TM) Platform SE 6 U31

    A878453A1714870EAADA83E6434BDB77 - C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll - Java Deployment Toolkit 6.0.310.5

    AC47B55B38D626B678897F195793ECAB - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

    AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

    901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

    0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

    F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

    28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

    ==== Deleted Firefox Extensions ======================

    C:\Documents and Settings\LAPTOP~1\Application Data\Mozilla\Firefox\Profiles\kedz44ji.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    bopakagnckmlgajfccecajhnimjiiedh - No path found

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.com”

    “Start Page”=“http://www.google.com”

    “Tabs”=“http://start.mysearchdial.com/?f=2&a=irmsd103aw&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1874739414&ir=”

    New Values:

    “Start Page”=“http://www.google.com”

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Tabs”=“res://ieframe.dll/tabswelcome.htm”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{77AA745B-F4F8-45DA-9B14-61D2D95054C8}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url=“Not_Found”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    {77AA745B-F4F8-45DA-9B14-61D2D95054C8} Unknown Url=“http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC”

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-448539723-583907252-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3BFF165A-A27B-4A98-A65C-6E82A5FBF318} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NZBEE deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A561FFB3B72A89A46AC5E6285ABF3F81 deleted successfully

    ==== HijackThis Entries ======================

    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: “C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe” /tf Intel Wireless Tray

    O4 - HKLM\..\Run: C:\Program Files\DellTPad\Apoint.exe

    O4 - HKLM\..\Run: C:\Program Files\Dell\QuickSet\QuickSet.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O4 - Global Startup: Bluetooth Manager.lnk = ?

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289838520869

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1329323712173

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    ==== Empty IE Cache ======================

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\Laptops4all\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Documents and Settings\Laptops4all\Local Settings\Application Data\Mozilla\Firefox\Profiles\kedz44ji.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome Cache found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=176 folders=19 36176702 bytes)

    ==== Empty Temp Folders ======================

    C:\Documents and Settings\Administrator\Local Settings\Temp emptied successfully

    C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully

    C:\Documents and Settings\Laptops4all\Local Settings\Temp will be emptied at reboot

    C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully

    C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully

    C:\WINDOWS\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied

    C:\DOCUME~1\LAPTOP~1\LOCALS~1\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\RECYCLER successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Documents and Settings\Laptops4all\Local Settings\Temporary Internet Files\Content.IE5\index.dat” not deleted

    ==== EOF on wo 16-04-2014 at 16:18:28,26 ======================

  • Ben

    Hello,

    Remove Microsoft Security Client; it is not certain that it still protects XP properly.

    Can you boot normally again after that?

  • Raimond

    Hi Ben,

    When I try to remove Microsoft Security Essentials I get a message that I can only remove it in normal mode. And my problem is that I cannot boot in normal mode.

  • Ben

    Hello,

    Do the following in safe mode:

    Download ComboFix

    >>Here<< you can read how to use ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    *. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    Here is a guide on how to disable them: here or here

    *. The computer may need to be restarted several times; this is normal.

    *. Double-click "Combofix.exe" to start the tool.

    *. Windows XP users will, if necessary, be asked to install the "Recovery Console"; allow this (an active internet connection is required for this).

    *. Do not click in the ComboFix window while it is running; this can cause the 'tool' to hang.

    * Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

    *. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

  • Raimond

    ComboFix 14-04-12.01 - Laptops4all 16-04-2014 16:52:17.1.2 - x86 NETWORK

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1728

    Gestart vanuit: c:\documents and settings\Laptops4all\Bureaublad\ComboFix.exe

    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\Dell

    c:\documents and settings\All Users\Application Data\Dell\QuickSet\QSLLPSVCShare

    c:\documents and settings\Laptops4all\Application Data\Dell

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2014-03-16 to 2014-04-16 ))))))))))))))))))))))))))))))

    .

    .

    2014-04-16 14:16 . 2014-04-16 14:05 24064 —-a-w- c:\windows\zoek-delete.exe

    2014-04-16 14:05 . 2014-04-16 14:15 ——– d—–w- C:\zoek_backup

    2014-04-16 13:43 . 2014-04-16 13:43 ——– d–h–r- c:\documents and settings\Laptops4all\Onlangs geopend

    2014-04-16 13:37 . 2014-04-16 13:38 ——– d—–w- c:\program files\CCleaner

    2014-04-16 13:15 . 2014-04-16 13:24 ——– d—–w- c:\program files\trend micro

    2014-04-16 13:15 . 2014-04-16 13:16 ——– d—–w- C:\rsit

    2014-04-16 13:09 . 2014-04-16 13:09 ——– d—–w- c:\documents and settings\Administrator

    2014-04-16 06:19 . 2014-04-01 02:32 8049928 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BD06C96-A095-478A-AD84-F6B8F6BD0ADE}\mpengine.dll

    2014-04-14 19:51 . 2014-03-07 04:35 7969936 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2014-04-03 09:06 . 2014-04-03 09:08 ——– d—–w- C:\Elsevier

    2014-03-27 12:04 . 2014-02-26 23:28 13312 -c—-w- c:\windows\system32\dllcache\xp_eos.exe

    2014-03-27 12:04 . 2014-02-26 23:28 13312 ——w- c:\windows\system32\xp_eos.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-03-12 08:47 . 2012-05-10 16:09 692616 —-a-w- c:\windows\system32\FlashPlayerApp.exe

    2014-03-12 08:47 . 2012-03-19 12:35 71048 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2014-03-06 17:58 . 2004-08-04 12:00 920064 —-a-w- c:\windows\system32\wininet.dll

    2014-03-06 17:58 . 2004-08-04 12:00 43520 ——w- c:\windows\system32\licmgr10.dll

    2014-03-06 17:58 . 2004-08-04 12:00 18944 —-a-w- c:\windows\system32\corpol.dll

    2014-03-06 17:58 . 2004-08-04 12:00 1469440 ——w- c:\windows\system32\inetcpl.cpl

    2014-03-06 00:50 . 2004-08-04 12:00 385024 —-a-w- c:\windows\system32\html.iec

    2014-02-07 06:36 . 2004-08-04 12:00 1879168 —-a-w- c:\windows\system32\win32k.sys

    2014-02-05 08:55 . 2004-08-04 12:00 563200 —-a-w- c:\windows\system32\qedit.dll

    2014-01-24 23:19 . 2011-04-18 12:18 231960 —-a-w- c:\windows\system32\drivers\MpFilter.sys

    2014-01-19 07:32 . 2012-02-15 16:16 231584 ——w- c:\windows\system32\MpSigStub.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “SigmatelSysTrayApp”=“c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe”

    “IgfxTray”=“c:\windows\system32\igfxtray.exe”

    “HotKeysCmds”=“c:\windows\system32\hkcmd.exe”

    “Persistence”=“c:\windows\system32\igfxpers.exe”

    “IntelZeroConfig”=“c:\program files\Intel\WiFi\bin\ZCfgSvc.exe”

    “IntelWireless”=“c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe”

    “Apoint”=“c:\program files\DellTPad\Apoint.exe”

    “Dell QuickSet”=“c:\program files\Dell\QuickSet\QuickSet.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    .

    “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”

    “DWQueuedReporting”=“c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe”

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

    .

    @=“Service”

    .

    @=“Driver”

    .

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk

    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

    .

    path=c:\documents and settings\Laptops4all\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk

    backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

    .

    path=c:\documents and settings\Laptops4all\Menu Start\Programma's\Opstarten\OneNote-inhoudsopgave.onetoc2

    backup=c:\windows\pss\OneNote-inhoudsopgave.onetoc2Startup

    .

    2013-04-04 21:06 958576 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2013-05-08 21:20 41056 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    2009-02-26 17:36 30040 —-a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    .

    2014-03-11 08:13 951576 —-a-w- c:\program files\Microsoft Security Client\msseces.exe

    .

    2008-04-14 17:03 1695232 ——w- c:\program files\Messenger\msmsgs.exe

    .

    2014-03-03 08:20 19703096 —-a-w- c:\program files\Voipwise.com\Voipwise\voipwise.exe

    .

    “%windir%\\system32\\sessmgr.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=

    “c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE”=

    “c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=

    “c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe”=

    “c:\\WINDOWS\\system32\\dpvsetup.exe”=

    .

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys

    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe

    .

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2014-04-16 c:\windows\Tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job

    - c:\windows\system32\xp_eos.exe

    .

    2014-03-28 c:\windows\Tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job

    - c:\windows\system32\xp_eos.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.google.com

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.0.1

    FF - ProfilePath - c:\documents and settings\Laptops4all\Application Data\Mozilla\Firefox\Profiles\kedz44ji.default\

    FF - user.js: extensions.irmysearch.aflt - irmsd103aw

    FF - user.js: extensions.irmysearch.instlRef -

    FF - user.js: extensions.irmysearch.cr - 1874739414

    FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtC0DtDzy0CzzyB0BtByCtB0Dzy0CtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2014-04-16 16:55

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker5”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    .

    - - - - - - - > ‘winlogon.exe’(832)

    c:\windows\system32\netprovcredman.dll

    .

    Voltooingstijd: 2014-04-16 16:56:23

    ComboFix-quarantined-files.txt 2014-04-16 14:56

    .

    Pre-Run: 59.808.038.912 bytes beschikbaar

    Post-Run: 60.086.579.200 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

    UnsupportedDebug=“do not select this” /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect

    .

    - - End Of File - - 5DFCAB014D91FE7CE82136D8FD89150C

    3051207086651214E435112E51817DC5

  • Ben

    Hello,

    Can you boot normally again now?

    If not, can you still use your mouse (do you see the pointer move) after the following: "I can enter my password, but after that it does nothing more"?

  • Raimond

    Hey Ben,

    I can boot normally again. How is that possible?

This topic is closed; no further replies can be posted.