Internet always opens other pages


L1tje

ComboFix 10-02-05.01 - Gharbi 05/02/2010 21:40:02.1.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2813.1398 [GMT 1:00]

Gestart vanuit: d:\downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\1f76b13c-2c33-e17a-e0fc-5f74385de874

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\4b552741-9e01-82ff-45d1-2e44f8a0439f

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\9ac2b440-eb99-45f3-96a1-ccb450d6af92

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\a8884f4b-d38b-6ac9-7977-dc45bc555c76

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 126

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 141

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 16

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 204

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 219

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 235

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 251

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 313

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 32

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 329

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 344

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 376

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 391

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 407

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 422

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 438

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 454

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 47

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 485

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 501

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 516

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 547

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 594

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 63

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 641

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 704

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 751

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 797

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 813

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 891

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 907

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 922

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 969

c:\users\Gharbi\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html

c:\users\Gharbi\AppData\Local\Temp\jna8432244310818668308.tmp

c:\users\Gharbi\AppData\Local\Temp\ppcrlui_6344_2

c:\users\Gharbi\AppData\Roaming\BITS

c:\users\Gharbi\AppData\Roaming\BITS\BITS.ini

c:\users\Gharbi\AppData\Roaming\BITS\DHTTable.dat

c:\users\Gharbi\AppData\Roaming\BITS\pl.dat

c:\users\Gharbi\AppData\Roaming\BITS\ProxyList.ini

c:\users\Gharbi\AppData\Roaming\FlashGetBHO

c:\users\Gharbi\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

c:\users\Gharbi\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

c:\users\Gharbi\AppData\Roaming\FlashGetBHO\GetUrl.htm

c:\users\Gharbi\Music\Hassen music\darude - after the storm(techno)\Desktop_.ini

c:\users\Gharbi\Music\Hassen music\ULTIMATE TECHNO VOL1\Desktop_.ini

c:\users\Gharbi\Music\Hassen music\ULTIMATE TECHNO VOL2\Desktop_.ini

c:\users\Gharbi\Music\Hassen music\VA - Techno Club Selection 6\Desktop_.ini

c:\windows\System32\71473fb7-706c-775a-70c2-801acec89b5c.exe

d:\users\Users\Gharbi\Music\Hassen music\darude - after the storm(techno)\Desktop_.ini

d:\users\Users\Gharbi\Music\Hassen music\ULTIMATE TECHNO VOL1\Desktop_.ini

d:\users\Users\Gharbi\Music\Hassen music\ULTIMATE TECHNO VOL2\Desktop_.ini

d:\users\Users\Gharbi\Music\Hassen music\VA - Techno Club Selection 6\Desktop_.ini

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-01-05 to 2010-02-05 ))))))))))))))))))))))))))))))

.

2010-02-05 20:46 . 2010-02-05 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-25 18:38 . 2010-01-25 18:38 -------- d-----w- c:\users\Gharbi\AppData\Roaming\Malwarebytes

2010-01-25 18:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-25 18:38 . 2010-01-25 18:38 -------- d-----w- c:\programdata\Malwarebytes

2010-01-25 18:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-25 18:38 . 2010-01-25 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-25 13:35 . 2010-01-25 13:35 -------- d-----w- c:\program files\Trend Micro

2010-01-25 12:44 . 2010-01-25 12:44 -------- d-----w- c:\program files\TrendMicro

2010-01-13 10:51 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 10:51 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-07 12:33 . 2010-01-07 12:42 -------- d-----w- c:\program files\Games_Bar_1

2010-01-07 12:33 . 2010-01-07 12:33 -------- d-----w- c:\program files\Conduit

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-05 20:46 . 2009-09-05 12:21 12 ----a-w- c:\windows\bthservsdp.dat

2010-02-05 20:10 . 2009-03-03 14:39 -------- d-----w- c:\users\Gharbi\AppData\Roaming\LimeWire

2010-02-05 13:09 . 2009-03-07 09:58 -------- d-----w- c:\programdata\Google Updater

2010-01-31 11:44 . 2009-03-03 14:38 -------- d-----w- c:\program files\LimeWire

2010-01-29 20:40 . 2009-02-28 14:37 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-25 12:44 . 2010-01-25 12:44 388096 ----a-r- c:\users\Gharbi\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-01-22 07:16 . 2009-03-10 09:49 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-19 08:32 . 2010-01-19 08:32 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe

2010-01-19 08:32 . 2010-01-01 15:54 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe

2010-01-14 08:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-06 10:26 . 2009-03-03 14:39 -------- d-----w- c:\program files\Java

2010-01-02 06:38 . 2010-01-22 07:24 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-22 07:24 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-22 07:24 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-22 07:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-01-01 15:38 . 2010-01-01 15:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-01-01 15:38 . 2010-01-01 15:38 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-01-01 15:38 . 2010-01-01 15:38 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-01-01 15:38 . 2010-01-01 15:38 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-01-01 15:38 . 2010-01-01 15:38 -------- d-----w- c:\program files\AVG

2010-01-01 15:38 . 2010-01-01 15:38 -------- d-----w- c:\programdata\avg9

2010-01-01 12:42 . 2009-11-15 12:55 -------- d-----w- c:\program files\TicTacPhoto

2010-01-01 12:33 . 2009-12-09 15:39 135665 ----a-w- c:\users\Gharbi\AppData\Roaming\mdbu.bin

2009-12-19 14:17 . 2009-03-07 09:58 -------- d-----w- c:\program files\Google

2009-11-26 11:32 . 2009-11-26 11:32 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb868D.tmp.exe

2009-11-18 12:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-15 12:56 . 2009-02-28 14:04 97336 ----a-w- c:\users\Gharbi\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-09 12:31 . 2009-12-10 13:20 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-10 13:20 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-10 13:20 411648 ----a-w- c:\windows\system32\drivers\http.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGam0.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

2009-12-31 10:53 2349080 ----a-w- c:\program files\Games_Bar_1\tbGam0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGam0.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Gharbi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\users\Gharbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]

2010-01-01 15:53 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-07-03 07:44 170520 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-07-03 07:44 150040 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]

2009-02-16 09:43 1358384 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]

2008-12-12 16:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-07-03 07:44 145944 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-05-07 15:19 6139904 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-11-20 17:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-03-07 09:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-08-27 08:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-02-25 21:26 37888 ----a-w- d:\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):fc,f3,4f,45,2a,52,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/01/2010 16:38 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/01/2010 16:38 360584]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/01/2010 16:38 285392]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [28/02/2009 15:16 112128]

R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\System32\drivers\WUSB54GCv3.sys [19/10/2009 15:23 645120]

S2 gupdate1c99f0b53fafe83;Google Updateservice (gupdate1c99f0b53fafe83);c:\program files\Google\Update\GoogleUpdate.exe [7/03/2009 10:58 133104]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 3:23 21504]

S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\System32\drivers\WUSB54GCx86.sys [4/03/2009 14:36 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

2010-02-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-07 19:26]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 09:58]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 09:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxps://www3.snapfish.be/SnapfishActivia2.cab

.

- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-NWEReboot - (no file)

MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe

AddRemove-71473fb7-706c-775a-70c2-801acec89b5c - c:\windows\system32\71473fb7-706c-775a-70c2-801acec89b5c.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-02-05 21:50

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\WUDFHost.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Voltooingstijd: 2010-02-05 21:55:02 - machine werd herstart

ComboFix-quarantined-files.txt 2010-02-05 20:55

Pre-Run: 31.041.323.008 bytes beschikbaar

Post-Run: 32.668.430.336 bytes beschikbaar

- - End Of File - - 32327846F5F46D49549FE5D9FCF6E627


Top replies in this topic

Start your PC in "safe mode".

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam0.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam0.dll

Click 'Fix checked' to remove the items.

Delete the following folder shown in bold (if present): C:\Program Files\Winamp Toolbar

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After rebooting in "normal mode", post the contents of Combofix.txt in your next message, together with a new HijackThis log.
