
Firefox slow after some time


Thuurke


ComboFix 11-06-07.03 - HP 08/06/2011 16:00:31.5.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4063.2786 [GMT 2:00]

Gestart vanuit: c:\users\HP\Pictures\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\HP\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\roboot64.exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\HP\AppData\Local\{1B6559FD-4D0D-4A66-B4D1-BB824A8D207D}

c:\users\HP\AppData\Local\{5A8101B2-8AF2-4AB2-8DB4-D05C209637FB}

c:\users\HP\AppData\Local\{6F1DE2ED-BFDE-43AA-9E00-761E63192DA4}

c:\users\HP\AppData\Local\{70560B18-B44F-49DA-835E-BBC7CDF9F2A3}

c:\users\HP\AppData\Local\{7B30053E-BB2E-4498-B237-69BA370EB154}

c:\users\HP\AppData\Local\{89884295-21F5-492A-BB56-E352EB1CCD77}

c:\users\HP\AppData\Local\{8F26A891-7DB8-4D4F-84C4-F6D1107AB412}

c:\users\HP\AppData\Local\{A3664CEB-77D3-406D-9AFB-A74049FDB1F5}

c:\users\HP\AppData\Local\{A528B51D-1F74-47B2-988D-6339D6D0A3B2}

c:\users\HP\AppData\Local\{B6BD60B5-3780-4800-9180-27F2498746B5}

c:\users\HP\AppData\Local\{D2CBD15C-66F4-4471-B7EE-B5E3E9C77CE5}

c:\users\HP\AppData\Local\{DF19AC33-0230-4B69-A8C6-61E369CC2661}

c:\users\HP\AppData\Local\{E4EB94F7-A5FC-4991-83C2-33FACCC263C6}

c:\users\HP\AppData\Local\{E83B1ACD-D0DD-446E-BE91-CD3C1987998B}

c:\users\HP\AppData\Local\{F01470D6-62BD-4045-8FA0-0D3784112344}

c:\windows\system32\roboot64.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-08 to 2011-06-08 ))))))))))))))))))))))))))))))

.

.

2011-06-08 14:15 . 2011-06-08 14:15 -------- d-----w- c:\users\Henri\AppData\Local\temp

2011-06-08 14:15 . 2011-06-08 14:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-08 00:59 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F860D36-227A-4BD5-887B-624F7413B5E4}\mpengine.dll

2011-06-04 19:23 . 2011-06-04 19:23 -------- d-----w- c:\users\HP\AppData\Roaming\Godlike

2011-06-04 18:44 . 2011-06-04 18:44 -------- d-----w- c:\users\UpdatusUser

2011-06-04 18:42 . 2011-06-04 18:44 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2011-06-04 18:42 . 2011-05-21 06:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-06-04 18:40 . 2011-06-04 18:40 -------- d-----w- C:\NVIDIA

2011-06-02 08:52 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-02 08:52 . 2011-06-02 08:52 -------- d-----w- c:\programdata\Malwarebytes

2011-06-02 08:52 . 2011-06-03 05:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-02 07:26 . 2011-06-02 07:26 388096 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-01 15:31 . 2011-06-01 15:31 -------- d-----w- c:\users\HP\AppData\Roaming\Reviversoft

2011-05-29 17:22 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

2011-05-29 17:22 . 2011-05-29 17:22 -------- d-----w- c:\program files (x86)\PC Connectivity Solution

2011-05-29 13:01 . 2011-05-29 13:01 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2011-05-29 13:01 . 2011-05-29 13:01 -------- d-----w- c:\windows\system32\wbem\en-US

2011-05-29 11:58 . 2011-05-29 12:02 -------- d-----w- c:\program files (x86)\Windows Mail

2011-05-29 11:58 . 2011-05-29 12:01 -------- d-----w- c:\program files\Windows Mail

2011-05-29 11:25 . 2011-05-29 11:25 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-05-29 11:14 . 2011-05-29 11:14 -------- d-----w- c:\windows\system32\SPReview

2011-05-29 11:12 . 2011-05-29 11:12 -------- d-----w- c:\windows\system32\EventProviders

2011-05-29 10:56 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-05-29 10:56 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-05-29 10:56 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-05-29 10:56 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2011-05-29 10:56 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2011-05-29 10:56 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll

2011-05-29 10:56 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll

2011-05-29 10:56 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll

2011-05-29 10:56 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll

2011-05-29 10:54 . 2010-11-20 13:25 1525248 ----a-w- c:\program files\Windows Media Player\wmpnetwk.exe

2011-05-29 10:53 . 2010-11-20 13:27 605696 ----a-w- c:\windows\system32\wmpeffects.dll

2011-05-29 10:52 . 2010-11-20 13:27 624128 ----a-w- c:\windows\system32\qedit.dll

2011-05-29 10:51 . 2010-11-20 13:27 124928 ----a-w- c:\windows\system32\wiavideo.dll

2011-05-29 10:50 . 2010-11-20 13:34 2560 ----a-w- c:\windows\system32\drivers\nl-NL\rdpwd.sys.mui

2011-05-29 10:50 . 2010-11-20 13:33 3584 ----a-w- c:\windows\system32\drivers\nl-NL\tsusbflt.sys.mui

2011-05-29 10:50 . 2010-11-20 13:27 3072 ----a-w- c:\windows\system32\drivers\nl-NL\Dot4usb.sys.mui

2011-05-29 10:49 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2011-05-29 10:49 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe

2011-05-29 10:49 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-05-29 10:49 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll

2011-05-29 10:49 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-05-29 10:49 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-05-29 10:44 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-05-29 10:44 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-05-29 10:44 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-05-29 10:43 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-05-29 10:43 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-05-29 10:42 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-05-29 10:42 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-05-29 10:38 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-05-29 10:38 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-05-29 10:38 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-05-29 10:38 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2011-05-28 13:40 . 2011-05-28 14:33 -------- d-----w- c:\users\HP\AppData\Roaming\FreeScreenToVideo

2011-05-26 05:57 . 2011-05-26 05:57 71680 ----a-w- c:\windows\system32\frapsv64.dll

2011-05-26 05:57 . 2011-05-26 05:57 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2011-05-25 14:26 . 2011-05-25 14:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-25 02:02 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-24 18:36 . 2011-05-24 18:36 -------- d-----w- c:\program files (x86)\Java

2011-05-24 14:29 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-05-24 14:29 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-05-24 10:33 . 2011-05-24 10:33 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes

2011-05-24 10:33 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-23 19:15 . 2011-05-23 19:15 -------- d-----w- c:\program files (x86)\Trend Micro

2011-05-17 16:36 . 2008-07-30 05:20 72200 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2011-05-17 16:36 . 2008-07-30 05:20 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2011-05-17 16:36 . 2008-07-30 05:20 513544 ----a-w- c:\windows\system32\XAudio2_2.dll

2011-05-17 16:36 . 2008-07-30 05:20 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2011-05-17 16:36 . 2008-07-30 05:20 177672 ----a-w- c:\windows\system32\xactengine3_2.dll

2011-05-17 16:36 . 2008-07-30 05:20 238088 ----a-w- c:\windows\SysWow64\xactengine3_2.dll

2011-05-12 15:07 . 2011-05-29 15:56 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt

2011-05-11 21:46 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 21:46 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 21:46 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 21:46 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 21:46 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 21:46 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 21:46 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 21:46 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 21:46 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 21:46 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-10 10:07 . 2011-05-10 10:07 145184 ----a-w- c:\windows\SysWow64\Minecraft.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 11:52 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-29 11:52 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-05-24 18:36 . 2010-11-12 19:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-05-21 06:01 . 2010-10-17 01:55 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-05-21 06:01 . 2009-10-03 11:01 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-05-21 06:01 . 2009-07-24 04:01 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-05-21 06:01 . 2009-07-24 04:01 2644584 ----a-w- c:\windows\system32\nvapi64.dll

2011-05-21 06:01 . 2009-07-23 13:40 1016936 ----a-w- c:\windows\system32\nvvsvc.exe

2011-05-21 06:01 . 2009-07-23 13:40 3040872 ----a-w- c:\windows\system32\nvsvc64.dll

2011-05-21 06:01 . 2009-07-23 13:40 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-05-21 06:01 . 2009-07-23 13:40 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-05-21 06:01 . 2009-07-23 13:40 6300776 ----a-w- c:\windows\system32\nvcpl.dll

2011-05-21 06:01 . 2009-07-23 13:40 326760 ----a-w- c:\windows\system32\nvhotkey.dll

2011-05-10 12:10 . 2011-04-23 17:04 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2011-04-23 17:04 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-05-10 12:10 . 2011-04-23 17:05 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:04 . 2011-04-23 17:05 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 12:04 . 2011-04-23 17:05 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2011-04-23 17:05 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2011-04-23 17:05 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2011-04-23 17:05 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2011-04-23 17:05 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-05 04:20 . 2011-05-05 04:20 286720 ----a-w- c:\windows\iun507.exe

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr

2011-03-12 12:08 . 2011-04-28 10:13 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-12 11:23 . 2011-04-28 10:13 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-03-11 06:41 . 2011-04-28 10:13 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2011-03-11 06:41 . 2011-04-28 10:13 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-03-11 06:41 . 2011-04-28 10:13 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-03-11 06:41 . 2011-04-28 10:13 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-03-11 06:41 . 2011-04-28 10:13 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-03-11 06:41 . 2011-04-28 10:13 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-03-11 06:41 . 2011-04-28 10:13 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-03-11 06:34 . 2011-04-15 20:17 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 06:34 . 2011-04-15 20:17 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 06:33 . 2011-04-28 10:13 2565632 ----a-w- c:\windows\system32\esent.dll

2011-03-11 06:30 . 2011-04-28 10:13 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-03-11 05:33 . 2011-04-15 20:17 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-03-11 05:33 . 2011-04-15 20:17 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:33 . 2011-04-28 10:13 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2011-03-11 05:31 . 2011-04-28 10:13 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2011-06-08_11.29.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2011-06-08 12:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-06-08 09:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-06-08 12:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-06-08 09:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-08 12:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-06-08 09:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-01 19:41 . 2011-06-08 12:12 45510 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-06-08 12:12 43884 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-06-08 04:57 43884 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-11-01 19:09 . 2011-06-08 04:57 11702 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1561261077-3936807583-1715766741-1000_UserData.bin

+ 2010-11-01 19:09 . 2011-06-08 12:12 11702 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1561261077-3936807583-1715766741-1000_UserData.bin

- 2011-06-08 04:52 . 2011-06-08 04:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-08 12:10 . 2011-06-08 12:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-08 12:10 . 2011-06-08 12:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-06-08 04:52 . 2011-06-08 04:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 09:16 . 2011-06-08 04:58 706116 c:\windows\system32\perfh013.dat

+ 2009-07-14 09:16 . 2011-06-08 12:15 706116 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2011-06-08 04:58 620150 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-06-08 12:15 620150 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2011-06-08 12:15 135886 c:\windows\system32\perfc013.dat

- 2009-07-14 09:16 . 2011-06-08 04:58 135886 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2011-06-08 12:15 108332 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-06-08 04:58 108332 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-06-08 04:47 273564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-06-08 11:53 273564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-01-29 10:52 . 2011-06-08 12:53 213256 c:\windows\hpoins47.dat

+ 2010-11-26 20:01 . 2011-06-08 11:53 7351660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1561261077-3936807583-1715766741-1000-12288.dat

- 2010-11-26 20:01 . 2011-06-08 04:47 7351660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1561261077-3936807583-1715766741-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Firefox Preloader.lnk - c:\program files (x86)\FirefoxPreloader\FirefoxPreloader.exe [2011-4-15 98304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561261077-3936807583-1715766741-1000Core.job

- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 16:29]

.

2011-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561261077-3936807583-1715766741-1000UA.job

- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 16:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\HP\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\HP\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ng8v0jsh.default\

FF - prefs.js: browser.startup.homepage - about:home

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

Toolbar-!{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

Toolbar-!{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-06-08 16:25:34

ComboFix-quarantined-files.txt 2011-06-08 14:25

ComboFix2.txt 2011-06-08 11:39

ComboFix3.txt 2011-06-03 20:22

ComboFix4.txt 2011-05-25 11:30

.

Pre-Run: 258.322.165.760 bytes beschikbaar

Post-Run: 258.033.123.328 bytes beschikbaar

.

- - End Of File - - EC649FBFDDB432BA686F1A007C4206A1


Is the log better than at the beginning, or is it the same?
It looks noticeably better than at the beginning of this story. That was, of course, more or less the intention ;-)
I don't notice any slowness in Firefox.
Is this good enough for proper use of the browser? Please let me know. If everything is OK, we still have a few things to clean up.

OK, then you can still carry out the following to remove the tools used and the remnants of the infection:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may manually delete the folder C:\Qoobox.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Then click "Analyze" ("Analyseren") and "Clean" ("Schoonmaken") in turn. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, in the left column, click "Registry" ("Register") and click "Scan for problems" ("Scan naar problemen"). If errors are found, click "Fix selected problems" ("Herstel geselecteerde problemen") and "OK". You will then be asked whether to make a backup. Click "Yes" ("JA"). Then choose "Fix all selected errors" ("Herstel alle geselecteerde fouten"). After this, close CCleaner again.

If you want to see this in detail with screenshots, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily disabling System Restore. Do this

  • via Start -> Control Panel -> System -> System Protection -> now disable System Restore by selecting the desired drive and clicking "Configure".
  • Now click "Delete" to delete all restore points.
  • Click "Apply" and "OK".
  • Now restart the PC.

That's it!
