Archief - onverklaarde CPU load met 1 programma.

https://www.beyondgaming.be/archive/software.22/everest-poker.841317

das de originele thread. Ik heb nadien hier nog wat liggen neuzen en vergelijkbare problemen gevonden. Aangezien het standaard antwoord altijd combofix is, heb ik alvast een scan hiermee gedaan.
Kan je eens kijken of er nog verdere actie ondernomen moet worden, en kon het kwaad dat men firewall nog op stond ?
Alvast bedankt.

ComboFix 12-01-19.01 - Guido 01/19/2012 17:45:42.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.515 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Guido\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Guido\Bureaublad\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\boost_interprocess\20120103173716.375000
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guido\Application Data\mm
c:\documents and settings\Guido\WINDOWS
c:\documents and settings\Linda\WINDOWS
c:\documents and settings\postgres.LINDA\WINDOWS
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\IsUn0413.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5b872a2c5691f2fb.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\config\systemprofile\WINDOWS
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-19 to 2012-01-19 ))))))))))))))))))))))))))))))
.
.
2012-01-19 16:29 . 2012-01-19 16:29 -------- d--h--w- c:\documents and settings\Guido\Netwerkprinteromgeving
2012-01-14 15:12 . 2012-01-14 15:13 -------- d-----w- C:\Expat Shield
2012-01-14 15:12 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor90.dll
2012-01-14 15:12 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor80.dll
2012-01-14 15:12 . 2012-01-05 00:31 613704 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor.dll
2012-01-14 15:12 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor70.dll
2012-01-14 15:12 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor60.dll
2012-01-14 15:12 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor50.dll
2012-01-14 15:06 . 2012-01-19 13:24 -------- d-----w- c:\program files\Everest Poker
2012-01-12 16:58 . 2012-01-12 16:58 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-12 16:58 . 2012-01-12 16:58 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-12 16:58 . 2012-01-12 16:58 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-12 16:58 . 2012-01-12 16:58 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 14:21 . 2012-01-07 19:09 -------- d-----w- c:\documents and settings\Guido\Application Data\AVG
2012-01-07 14:11 . 2012-01-07 14:11 -------- d-----w- c:\documents and settings\Guido\Application Data\AVG Secure Search
2012-01-07 14:11 . 2012-01-15 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-07 14:11 . 2012-01-07 14:11 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-07 14:11 . 2012-01-15 12:21 -------- d-----w- c:\program files\AVG Secure Search
2012-01-07 14:11 . 2012-01-07 14:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-07 14:10 . 2012-01-19 13:08 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-07 14:10 . 2012-01-07 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-07 14:09 . 2012-01-07 14:20 -------- d-----w- c:\program files\AVG
2012-01-07 14:07 . 2012-01-19 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-04 23:01 . 2012-01-04 23:01 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-01-04 23:01 . 2012-01-04 23:01 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-12-31 15:57 . 2011-03-02 11:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-12-31 15:57 . 2011-12-31 15:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-12-30 22:16 . 2012-01-19 14:22 -------- d--h--r- c:\documents and settings\Guido\Onlangs geopend
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2006-10-23 02:52 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2006-10-23 02:52 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 10:50 . 2011-07-23 21:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12 . 2006-11-14 00:07 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:13 . 2006-10-23 02:52 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2006-11-14 00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2006-11-14 00:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2006-11-14 00:03 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2006-11-14 00:07 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2006-10-23 02:52 1296384 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2006-10-23 02:52 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2006-11-14 00:01 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-08-04 07:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:50 . 2004-08-04 07:58 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-12 16:58 . 2011-09-07 16:23 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-15 12:20 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-15 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-15 939872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-12 98304]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-12 06:46 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\APPS\\Powercinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [11/23/2011 2:36 AM 2391832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/15/2012 1:21 PM 909152]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2011 9:29 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/23/2011 11:51 PM 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
S3 BulkUsb;VoIPUSBDriver.sys;c:\windows\system32\drivers\VoIPUSBDriver.sys [9/16/2005 3:14 PM 149504]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2011 9:29 PM 136176]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [11/4/2011 9:55 AM 30920]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/14/2006 1:08 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 20:28]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 20:28]
.
2012-01-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
2012-01-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
2012-01-19 c:\windows\Tasks\User_Feed_Synchronization-{3FF1F61A-AB64-4571-B7E9-199CBB6244E9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2012-01-19 c:\windows\Tasks\User_Feed_Synchronization-{53398796-232B-4164-9426-31C4B4B231D8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} - hxxps://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
FF - ProfilePath - c:\documents and settings\Guido\Application Data\Mozilla\Firefox\Profiles\ox8xa4l0.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb3f24236-5c55-4b33-b942-f687b0957aa2%7D&mid=ddc392846f4847d1bd17d150674e4dbb-158c45bb8828580e4f4fbc30e683841be92ee952&ds=AVG&v=9.0.0.23&lang=en&pr=pr&d=2012-01-07%2015%3A11%3A51&sap=ku&q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-19 17:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2012-01-19 17:56:28
ComboFix-quarantined-files.txt 2012-01-19 16:56
.
Pre-Run: 118,390,202,368 bytes beschikbaar
Post-Run: 118,514,524,160 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noguiboot
.
- - End Of File - - 07824697E05CC5CE535B2F7BADD6E1E5

Je doet je naam eer aan zie ik, combofix op eigen houtje gebruiken is niet slim want het is een krachtige tool die je niet lichtzinnig moet gebruiken!

Zoals ik al zei heb ik op dit forum verscheidene threads met gelijkaardige problemen gevonden. U antwoord is altijd combofix, altijd uitgevoerd door de vragende zelf zonder toezicht. Ik zie echt het verschil niet tussen ik die het zelf moet doen of ik die op toelating moet wachten en het dan zelf moet doen. Daarnaast zijn alle veranderingen die combofix maakt terugdraaibaar omdat het programma altijd met windows recovery console werkt.
Uw semi belediging vind ik dan ook maar zielig en onterecht, mompeld zo'n dingen tegen u scherm zoveel ge wilt maar om als eerste kennismaking direct conflict op te zoeken vind ik niet kunnen. Waarschijnlijk hebben we beiden nog veel te leren ;-)

Je reageert op mijn opmerking over je eigen NICK Ik zet NOOIT zomaar en zeker niet altijd combofix in en daarbij ben ik daar dan bij toch.?
Lang niet alle dingen die combofix 'fixt' zijn makkelijk terug herstelbaar dan wel heel lastig.
Verder wil ik je best helpen maar dan zal je toch wel uit een ander vaatje moeten tappen want ik wil best wel ( mijn gratis en vrijwillige ) tijd erin stoppen maar dan wil ik zeker niet als zielig en als mompelende figuur afgeschilderd willen worden. Iets leren zeg je :naughty:

Ik reageer op u houding, mijn nick heeft hier niks mee te maken, wijst mij op mijn fouten zoveel je wil, maar doe dit assertief niet aggressief. Als jij met zo'n houding in een echte winkel klanten ontvangt wil ik wel eens zien hoe lang je open houdt.
U "hulp" heb ik niet meer nodig, ge zou mij toch alleen maar combofix doen runnen...

Agressief zeg je terwijl je zelf onmiddellijk in een agressieve houding springt bij een terloopse opmerking ? In een winkel doen ze niet moeilijk, zet daar de computer maar neer en dan gaan we kijken. Resultaat, we moesten hem formateren helaas en we konden niks meer redden is doorgaans het antwoord. Plus de dikke rekening natuurlijk. Mijn hulp aan jou houd hier sowieso op want je bent toch niet voor rede vatbaar.

Beste klootviool, lees eens de sticky topic bovenaan het hijackthis forum om dan hier terug te eindigen met een hijackthis logje + de stand van zaken.