
PC very slow


Anne-Dieter


Open a new Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\78g70q58.default\

FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/414

Save this file to your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message


ComboFix 12-03-01.01 - Anne 01-03-2012 18:56:28.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3066.1351 [GMT 1:00]

Gestart vanuit: C:\Users\Anne\Downloads\ComboFix.exe

gebruikte Opdracht switches :: C:\Users\Anne\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-01 to 2012-03-01 ))))))))))))))))))))))))))))))

2012-03-01 18:09:48 . 2012-03-01 18:09:48 -------- d-----w- C:\Users\Public\AppData\Local\temp

2012-03-01 18:09:48 . 2012-03-01 18:09:48 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-02-26 09:42:49 . 2012-02-26 09:42:49 388096 ----a-r- C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-26 09:30:20 . 2012-02-26 09:30:23 -------- d-----w- C:\Program Files\Speccy

2012-02-25 19:14:46 . 2012-02-25 19:14:46 -------- d-----w- C:\Users\Anne\AppData\Roaming\Dropbox

2012-02-25 08:01:42 . 2012-02-25 08:01:42 -------- d-----w- C:\Users\Anne\AppData\Roaming\Microsoft Corporation

2012-02-22 05:00:55 . 2012-02-22 05:00:55 1798656 ----a-w- C:\Windows\system32\jscript9.dll

2012-02-22 05:00:54 . 2012-02-22 05:00:54 766976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll

2012-02-22 05:00:54 . 2012-02-22 05:00:54 35840 ----a-w- C:\Windows\system32\imgutil.dll

2012-02-22 05:00:53 . 2012-02-22 05:00:53 149504 ----a-w- C:\Program Files\Internet Explorer\jsprofilerui.dll

2012-02-22 05:00:53 . 2012-02-22 05:00:53 110592 ----a-w- C:\Windows\system32\IEAdvpack.dll

2012-02-22 05:00:52 . 2012-02-22 05:00:52 386560 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2012-02-22 05:00:52 . 2012-02-22 05:00:52 22016 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe

2012-02-20 17:01:58 . 2012-03-01 08:01:39 -------- d-----w- C:\Users\Anne\AppData\Roaming\Skype

2012-02-20 17:01:35 . 2012-02-20 17:01:35 -------- d-----w- C:\Program Files\Common Files\Skype

2012-02-20 17:01:34 . 2012-02-20 17:02:16 -------- d-----r- C:\Program Files\Skype

2012-02-20 17:01:28 . 2012-02-20 17:01:34 -------- d-----w- C:\ProgramData\Skype

2012-02-15 08:02:05 . 2011-12-14 16:17:47 680448 ----a-w- C:\Windows\system32\msvcrt.dll

2012-02-15 08:02:04 . 2012-01-12 19:52:56 2044416 ----a-w- C:\Windows\system32\win32k.sys

2012-02-15 08:02:03 . 2011-12-20 10:56:10 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2012-02-05 14:55:06 . 2012-02-05 14:55:09 -------- d-----w- C:\Program Files\DAEMON Tools Lite

2012-02-05 14:02:49 . 2012-02-05 14:02:49 -------- d-----w- C:\Program Files\Haali

2012-02-05 12:03:16 . 2012-02-05 12:03:16 -------- d-----w- C:\Users\Anne\AppData\Roaming\RealNetworks

2012-02-05 11:31:36 . 2012-02-05 11:31:36 -------- d-----w- C:\ProgramData\MySQL

2012-02-05 11:31:36 . 2012-02-05 11:31:36 -------- d-----w- C:\Program Files\MySQL

2012-02-05 11:28:40 . 2012-02-05 11:32:17 -------- d-----w- C:\ProgramData\Team MediaPortal

2012-02-05 11:28:37 . 2012-02-05 11:32:29 -------- d-----w- C:\Program Files\Team MediaPortal

2012-02-05 11:26:56 . 2008-05-30 13:18:52 238088 ----a-w- C:\Windows\system32\xactengine3_1.dll

2012-02-05 10:08:40 . 2012-02-05 10:08:46 -------- d-----w- C:\Users\Anne\AppData\Roaming\SkyMonk

2012-02-05 10:08:22 . 2012-02-07 06:57:50 -------- d-----w- C:\Program Files\Mail.Ru

2012-02-05 09:58:33 . 2012-02-05 09:58:33 -------- d-----w- C:\Users\Anne\AppData\Roaming\TeamViewer

2012-02-05 09:29:09 . 2012-02-05 09:31:38 -------- d-----w- C:\Users\Anne\AppData\Roaming\Corel

2012-02-05 09:29:05 . 2012-02-05 09:31:27 -------- d-----w- C:\ProgramData\Protexis

2012-02-05 09:28:26 . 2012-02-05 09:28:26 -------- d-----w- C:\Users\Anne\Corel

2012-02-05 09:26:24 . 2012-02-05 09:26:24 -------- d-----w- C:\Program Files\Common Files\Protexis

2012-02-05 09:26:22 . 2012-02-05 09:26:56 -------- d-----w- C:\ProgramData\Corel

2012-02-05 09:25:33 . 2010-11-16 15:24:48 13880 ----a-w- C:\Windows\system32\drivers\regi.sys

2012-02-05 09:24:52 . 2012-02-05 09:24:52 -------- d-----w- C:\Program Files\Corel

2012-02-05 09:01:17 . 2012-02-05 09:02:07 -------- d-----w- C:\Program Files\The KMPlayer

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-05 14:55:49 . 2009-09-10 19:38:54 473656 ----a-w- C:\Windows\system32\drivers\sptd.sys

2012-02-05 14:47:07 . 2009-08-26 21:23:30 2397184 ----a-w- C:\Windows\system32\MPCVideoDec.ax

2011-12-12 06:50:10 . 2011-08-07 15:27:17 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

2011-12-10 14:24:06 . 2011-12-18 12:42:20 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-02-26 15:47:29 . 2011-05-08 07:28:58 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

2010-06-29 11:23:12 . 2009-12-13 00:25:44 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-16 15:23:49 1811296 ----a-w- C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 15:23:49 1811296]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38:12 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]

"Xvid"="C:\Program Files\XviD\CheckUpdate.exe" [2011-01-17 19:41:43 8192]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 17:33:42 68856]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 13:19:14 3478336]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2012-01-31 14:14:00 17147528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 07:35:36 6111232]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 03:31:22 1033512]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 21:38:28 526896]

"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 01:36:12 544768]

"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 13:58:54 397312]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 20:42:36 34040]

"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 04:53:32 6144]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 16:45:06 182808]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-07 07:05:10 13543968]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-07 07:05:46 92704]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 02:51:00 821768]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-29 11:23:11 30192]

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 21:10:54 147456]

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 21:11:04 167936]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 16:28:04 167936]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 09:44:34 31072]

"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_15_Plus_Download-versie\TrayServer.exe" [2008-09-10 08:38:00 90112]

"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 15:32:28 1135912]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 00:52:06 59240]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]

"AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2012-01-17 19:03:24 2339168]

"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2008-01-21 02:23:24 215552]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-11 09:55:16 296056]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 10:59:52 254696]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 06:22:28 59240]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-10-09 17:06:40 421736]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 13:28:52 421888]

"vProt"="C:\Program Files\AVG Secure Search\vprot.exe" [2012-01-16 15:23:50 939872]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 13:53:18 460872]

"Malwarebytes' Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 13:53:16 981680]

"ROC_roc_dec12"="C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 15:23:59 928096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - C:\Program Files\Winzip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]

backup=C:\Windows\pss\Orion.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]

2007-10-23 09:56:18 200704 ----a-w- C:\Windows\PLFSetI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

R3 A310;AVerMedia A310 DVB-T;C:\Windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 02:20:48 25856]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

Inhoud van de 'Gedeelde Taken' map

2012-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-27 13:20:34 . 2009-11-27 13:20:25]

2012-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-27 13:20:34 . 2009-11-27 13:20:25]

------- Bijkomende Scan -------

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0309&m=aspire_7730g

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\78g70q58.default\


Hi Kweezie,

I did it again, but there was also a message that ComboFix had "expired".

I could not get it reinstalled. There was also a message that its full capabilities would not be used.

Here is the new txt file.

ComboFix 12-02-25.02 - Anne 02-03-2012 18:15:03.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3066.1436 [GMT 1:00]

Gestart vanuit: C:\Users\Anne\Downloads\ComboFix.exe

gebruikte Opdracht switches :: C:\Users\Anne\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

- VERMINDERDE FUNCTIONALITEIT MODUS -

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Anne\AppData\Roaming\Help\coredb\storage

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-02 to 2012-03-02 ))))))))))))))))))))))))))))))

2012-03-02 17:17:17 . 2012-03-02 17:17:17 -------- d-----w- C:\Users\Public\AppData\Local\temp

2012-03-02 17:17:17 . 2012-03-02 17:17:17 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-02-26 09:42:49 . 2012-02-26 09:42:49 388096 ----a-r- C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-26 09:30:20 . 2012-02-26 09:30:23 -------- d-----w- C:\Program Files\Speccy

2012-02-25 19:14:46 . 2012-02-25 19:14:46 -------- d-----w- C:\Users\Anne\AppData\Roaming\Dropbox

2012-02-25 08:01:42 . 2012-02-25 08:01:42 -------- d-----w- C:\Users\Anne\AppData\Roaming\Microsoft Corporation

2012-02-22 05:00:55 . 2012-02-22 05:00:55 1798656 ----a-w- C:\Windows\system32\jscript9.dll

2012-02-22 05:00:54 . 2012-02-22 05:00:54 766976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll

2012-02-22 05:00:54 . 2012-02-22 05:00:54 35840 ----a-w- C:\Windows\system32\imgutil.dll

2012-02-22 05:00:53 . 2012-02-22 05:00:53 149504 ----a-w- C:\Program Files\Internet Explorer\jsprofilerui.dll

2012-02-22 05:00:53 . 2012-02-22 05:00:53 110592 ----a-w- C:\Windows\system32\IEAdvpack.dll

2012-02-22 05:00:52 . 2012-02-22 05:00:52 386560 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2012-02-22 05:00:52 . 2012-02-22 05:00:52 22016 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe

2012-02-20 17:01:58 . 2012-03-01 08:01:39 -------- d-----w- C:\Users\Anne\AppData\Roaming\Skype

2012-02-20 17:01:35 . 2012-02-20 17:01:35 -------- d-----w- C:\Program Files\Common Files\Skype

2012-02-20 17:01:34 . 2012-02-20 17:02:16 -------- d-----r- C:\Program Files\Skype

2012-02-20 17:01:28 . 2012-02-20 17:01:34 -------- d-----w- C:\ProgramData\Skype

2012-02-15 08:02:05 . 2011-12-14 16:17:47 680448 ----a-w- C:\Windows\system32\msvcrt.dll

2012-02-15 08:02:04 . 2012-01-12 19:52:56 2044416 ----a-w- C:\Windows\system32\win32k.sys

2012-02-15 08:02:03 . 2011-12-20 10:56:10 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2012-02-05 14:55:06 . 2012-02-05 14:55:09 -------- d-----w- C:\Program Files\DAEMON Tools Lite

2012-02-05 14:02:49 . 2012-02-05 14:02:49 -------- d-----w- C:\Program Files\Haali

2012-02-05 12:03:16 . 2012-02-05 12:03:16 -------- d-----w- C:\Users\Anne\AppData\Roaming\RealNetworks

2012-02-05 11:31:36 . 2012-02-05 11:31:36 -------- d-----w- C:\ProgramData\MySQL

2012-02-05 11:31:36 . 2012-02-05 11:31:36 -------- d-----w- C:\Program Files\MySQL

2012-02-05 11:28:40 . 2012-02-05 11:32:17 -------- d-----w- C:\ProgramData\Team MediaPortal

2012-02-05 11:28:37 . 2012-02-05 11:32:29 -------- d-----w- C:\Program Files\Team MediaPortal

2012-02-05 11:26:56 . 2008-05-30 13:18:52 238088 ----a-w- C:\Windows\system32\xactengine3_1.dll

2012-02-05 10:08:40 . 2012-02-05 10:08:46 -------- d-----w- C:\Users\Anne\AppData\Roaming\SkyMonk

2012-02-05 10:08:22 . 2012-02-07 06:57:50 -------- d-----w- C:\Program Files\Mail.Ru

2012-02-05 09:58:33 . 2012-02-05 09:58:33 -------- d-----w- C:\Users\Anne\AppData\Roaming\TeamViewer

2012-02-05 09:29:09 . 2012-02-05 09:31:38 -------- d-----w- C:\Users\Anne\AppData\Roaming\Corel

2012-02-05 09:29:05 . 2012-02-05 09:31:27 -------- d-----w- C:\ProgramData\Protexis

2012-02-05 09:28:26 . 2012-02-05 09:28:26 -------- d-----w- C:\Users\Anne\Corel

2012-02-05 09:26:24 . 2012-02-05 09:26:24 -------- d-----w- C:\Program Files\Common Files\Protexis

2012-02-05 09:26:22 . 2012-02-05 09:26:56 -------- d-----w- C:\ProgramData\Corel

2012-02-05 09:25:33 . 2010-11-16 15:24:48 13880 ----a-w- C:\Windows\system32\drivers\regi.sys

2012-02-05 09:24:52 . 2012-02-05 09:24:52 -------- d-----w- C:\Program Files\Corel

2012-02-05 09:01:17 . 2012-02-05 09:02:07 -------- d-----w- C:\Program Files\The KMPlayer

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-05 14:55:49 . 2009-09-10 19:38:54 473656 ----a-w- C:\Windows\system32\drivers\sptd.sys

2012-02-05 14:47:07 . 2009-08-26 21:23:30 2397184 ----a-w- C:\Windows\system32\MPCVideoDec.ax

2011-12-12 06:50:10 . 2011-08-07 15:27:17 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

2011-12-10 14:24:06 . 2011-12-18 12:42:20 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-02-26 15:47:29 . 2011-05-08 07:28:58 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

2010-06-29 11:23:12 . 2009-12-13 00:25:44 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-16 15:23:49 1811296 ----a-w- C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 15:23:49 1811296]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38:12 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]

"Xvid"="C:\Program Files\XviD\CheckUpdate.exe" [2011-01-17 19:41:43 8192]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 17:33:42 68856]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 13:19:14 3478336]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2012-01-31 14:14:00 17147528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 07:35:36 6111232]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 03:31:22 1033512]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 21:38:28 526896]

"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 01:36:12 544768]

"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 13:58:54 397312]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 20:42:36 34040]

"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 04:53:32 6144]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 16:45:06 182808]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-07 07:05:10 13543968]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-07 07:05:46 92704]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 02:51:00 821768]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-29 11:23:11 30192]

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 21:10:54 147456]

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 21:11:04 167936]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 16:28:04 167936]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 09:44:34 31072]

"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_15_Plus_Download-versie\TrayServer.exe" [2008-09-10 08:38:00 90112]

"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 15:32:28 1135912]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 00:52:06 59240]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]

"AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2012-01-17 19:03:24 2339168]

"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2008-01-21 02:23:24 215552]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-11 09:55:16 296056]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 10:59:52 254696]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 06:22:28 59240]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-10-09 17:06:40 421736]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 13:28:52 421888]

"vProt"="C:\Program Files\AVG Secure Search\vprot.exe" [2012-01-16 15:23:50 939872]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 13:53:18 460872]

"Malwarebytes' Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 13:53:16 981680]

"ROC_roc_dec12"="C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 15:23:59 928096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - C:\Program Files\Winzip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]

backup=C:\Windows\pss\Orion.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]

2007-10-23 09:56:18 200704 ----a-w- C:\Windows\PLFSetI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

R3 A310;AVerMedia A310 DVB-T;C:\Windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 02:20:48 25856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

Inhoud van de 'Gedeelde Taken' map

2012-03-02 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-27 13:20:34 . 2009-11-27 13:20:25]

2012-03-02 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-27 13:20:34 . 2009-11-27 13:20:25]

------- Bijkomende Scan -------

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0309&m=aspire_7730g

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\78g70q58.default\

I look forward to hearing from you.

Regards,

Anne


Hi Kweezie,

I also cannot get ComboFix saved to my desktop.

But when I run the program, I get the following txt file.

ComboFix 12-03-02.01 - Anne 03-03-2012 18:42:05.6.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3066.1363 [GMT 1:00]

Gestart vanuit: c:\users\Anne\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\oobe\audit.exe

c:\windows\system32\oobe\msoobe.exe

c:\windows\system32\oobe\oobeldr.exe

c:\windows\system32\oobe\Setup.exe

c:\windows\system32\oobe\windeploy.exe

.

---- Voorgaande Run -------

.

c:\users\Anne\AppData\Roaming\Help\coredb\storage

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-03 to 2012-03-03 ))))))))))))))))))))))))))))))

.

.

2012-03-03 17:55 . 2012-03-03 17:55 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-03-03 17:55 . 2012-03-03 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-26 09:42 . 2012-02-26 09:42 388096 ----a-r- c:\users\Anne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-26 09:30 . 2012-02-26 09:30 -------- d-----w- c:\program files\Speccy

2012-02-25 19:14 . 2012-02-25 19:14 -------- d-----w- c:\users\Anne\AppData\Roaming\Dropbox

2012-02-25 08:01 . 2012-02-25 08:01 -------- d-----w- c:\users\Anne\AppData\Roaming\Microsoft Corporation

2012-02-22 05:00 . 2012-02-22 05:00 1798656 ----a-w- c:\windows\system32\jscript9.dll

2012-02-22 05:00 . 2012-02-22 05:00 766976 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2012-02-22 05:00 . 2012-02-22 05:00 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-02-22 05:00 . 2012-02-22 05:00 149504 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll

2012-02-22 05:00 . 2012-02-22 05:00 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-22 05:00 . 2012-02-22 05:00 386560 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-02-22 05:00 . 2012-02-22 05:00 22016 ----a-w- c:\program files\Internet Explorer\ExtExport.exe

2012-02-20 17:01 . 2012-03-03 14:55 -------- d-----w- c:\users\Anne\AppData\Roaming\Skype

2012-02-20 17:01 . 2012-02-20 17:01 -------- d-----w- c:\program files\Common Files\Skype

2012-02-20 17:01 . 2012-02-20 17:02 -------- d-----r- c:\program files\Skype

2012-02-20 17:01 . 2012-02-20 17:01 -------- d-----w- c:\programdata\Skype

2012-02-15 08:02 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 08:02 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 08:02 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-02-05 14:55 . 2012-02-05 14:55 -------- d-----w- c:\program files\DAEMON Tools Lite

2012-02-05 14:02 . 2012-02-05 14:02 -------- d-----w- c:\program files\Haali

2012-02-05 12:03 . 2012-02-05 12:03 -------- d-----w- c:\users\Anne\AppData\Roaming\RealNetworks

2012-02-05 11:31 . 2012-02-05 11:31 -------- d-----w- c:\programdata\MySQL

2012-02-05 11:31 . 2012-02-05 11:31 -------- d-----w- c:\program files\MySQL

2012-02-05 11:28 . 2012-02-05 11:32 -------- d-----w- c:\programdata\Team MediaPortal

2012-02-05 11:28 . 2012-02-05 11:32 -------- d-----w- c:\program files\Team MediaPortal

2012-02-05 11:26 . 2008-05-30 13:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll

2012-02-05 10:08 . 2012-02-05 10:08 -------- d-----w- c:\users\Anne\AppData\Roaming\SkyMonk

2012-02-05 10:08 . 2012-02-07 06:57 -------- d-----w- c:\program files\Mail.Ru

2012-02-05 09:58 . 2012-02-05 09:58 -------- d-----w- c:\users\Anne\AppData\Roaming\TeamViewer

2012-02-05 09:29 . 2012-02-05 09:31 -------- d-----w- c:\users\Anne\AppData\Roaming\Corel

2012-02-05 09:29 . 2012-02-05 09:31 -------- d-----w- c:\programdata\Protexis

2012-02-05 09:28 . 2012-02-05 09:28 -------- d-----w- c:\users\Anne\Corel

2012-02-05 09:26 . 2012-02-05 09:26 -------- d-----w- c:\program files\Common Files\Protexis

2012-02-05 09:26 . 2012-02-05 09:26 -------- d-----w- c:\programdata\Corel

2012-02-05 09:25 . 2010-11-16 15:24 13880 ----a-w- c:\windows\system32\drivers\regi.sys

2012-02-05 09:24 . 2012-02-05 09:24 -------- d-----w- c:\program files\Corel

2012-02-05 09:01 . 2012-02-05 09:02 -------- d-----w- c:\program files\The KMPlayer

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-05 14:55 . 2009-09-10 19:38 473656 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-02-05 14:47 . 2009-08-26 21:23 2397184 ----a-w- c:\windows\system32\MPCVideoDec.ax

2011-12-12 06:50 . 2011-08-07 15:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-10 14:24 . 2011-12-18 12:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-26 15:47 . 2011-05-08 07:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-06-29 11:23 . 2009-12-13 00:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-16 15:23 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Xvid"="c:\program files\XviD\CheckUpdate.exe" [2011-01-17 8192]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 68856]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-29 30192]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TrayServer"="c:\program files\MAGIX\Video_deluxe_15_Plus_Download-versie\TrayServer.exe" [2008-09-10 90112]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-11 296056]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - c:\program files\Winzip\WZQKPICK.EXE [2009-11-18 495432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]

backup=c:\windows\pss\Orion.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]

2007-10-23 09:56 200704 ----a-w- c:\windows\PLFSetI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 13:20]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 13:20]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0309&m=aspire_7730g

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\78g70q58.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-03 18:55

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Voltooingstijd: 2012-03-03 18:59:07

ComboFix-quarantined-files.txt 2012-03-03 17:59

ComboFix2.txt 2012-03-01 18:14

ComboFix3.txt 2012-03-01 06:44

ComboFix4.txt 2011-12-19 20:34

.

Pre-Run: 71.285.035.008 bytes beschikbaar

Post-Run: 71.250.313.216 bytes beschikbaar

.

- - End Of File - - 5B5D2D2CD8676D6DBC8B9190B07F0078


Good; then let's start cleaning up.

Uninstall ComboFix: Start -> Run and type: ComboFix /Uninstall (with a space before the /)

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner (if you don't have it yet).

Pay attention during the installation.

Clear both check boxes at the question about the Chrome browser.

Install it and start CCleaner.

Click "Cleaner" in the left column. Then click "Analyze" followed by "Clean". Confirm with YES or OK.

Next, click "Registry" in the left column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors".

Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

After that, close CCleaner again.

If you want to see this illustrated in detail, read this guide.

It is advisable to delete the existing restore points (there may be infected restore points among them that you could restore) by temporarily turning off System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> clear the check box next to the drive whose restore points you want to delete -> click "Apply".

You will then get the on-screen message "Are you sure you want to turn off System Restore". Click "Turn off System Restore" here. All restore points on the selected drive are then deleted.

After that, tick the check box next to the hard drive again. Also create a new restore point right away, so that you don't have to wait for an automatic restore point from the system.

That's it!

Let me know whether it worked.
