
Mystart Incredibar



Did everything that was asked, and here is the log:

ComboFix 12-08-20.02 - sander van den Ende 21-08-2012 20:13:03.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3037.1773 [GMT 2:00]

Gestart vanuit: c:\users\sander van den Ende\Contacts\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\programdata\SPL2573.tmp

c:\programdata\SPL36B9.tmp

c:\programdata\SPL3E78.tmp

c:\programdata\SPL7302.tmp

c:\programdata\SPL805D.tmp

c:\programdata\SPL8174.tmp

c:\programdata\SPL926E.tmp

c:\programdata\SPL95F2.tmp

c:\programdata\SPLA734.tmp

c:\programdata\SPLD20A.tmp

c:\programdata\SPLF05E.tmp

c:\programdata\SPLF75A.tmp

c:\users\sander van den Ende\AppData\Roaming\.#

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-21 to 2012-08-21 ))))))))))))))))))))))))))))))

.

.

2012-08-21 18:26 . 2012-08-21 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-21 14:21 . 2012-08-21 17:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-21 14:21 . 2012-08-21 17:23 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-08-20 19:40 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44BE08A3-3C17-4C36-B8B6-C35F8DDD410D}\mpengine.dll

2012-08-19 19:34 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-18 19:22 . 2012-08-18 19:22 -------- d-----w- c:\users\sander van den Ende\AppData\Roaming\Malwarebytes

2012-08-18 19:22 . 2012-08-18 19:22 -------- d-----w- c:\programdata\Malwarebytes

2012-08-18 19:22 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-18 19:22 . 2012-08-18 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-16 21:05 . 2012-08-16 21:05 388096 ----a-r- c:\users\sander van den Ende\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-16 21:05 . 2012-08-16 21:05 -------- d-----w- c:\program files\Trend Micro

2012-08-16 06:28 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-16 06:28 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-16 06:28 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-16 06:28 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-16 06:28 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-16 06:28 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-16 06:28 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll

2012-08-02 04:53 . 2012-08-07 20:35 -------- d-----w- c:\users\sander van den Ende\AppData\Local\Albelli Fotoboeken

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-13 08:11 . 2012-04-24 09:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 08:11 . 2011-07-05 06:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-18 06:37 . 2012-06-18 06:37 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-18 06:37 . 2010-12-06 09:17 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-06 05:05 . 2012-07-11 06:06 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05 . 2012-07-11 06:06 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03 . 2012-07-11 06:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:19 . 2012-06-25 08:47 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-25 08:47 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-25 08:47 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-25 08:47 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-25 08:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-25 08:47 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-25 08:47 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-25 08:47 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-25 08:47 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45 . 2012-07-11 06:06 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45 . 2012-07-11 06:06 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40 . 2012-07-11 06:06 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40 . 2012-07-11 06:06 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39 . 2012-07-11 06:06 219136 ----a-w- c:\windows\system32\ncrypt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\sander van den Ende\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\sander van den Ende\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\sander van den Ende\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ContactKeeper Birthday reminder"="c:\program files\ContactKeeper\ContactKeeper.exe" [2009-10-20 876544]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"FTweakFCleaner"="c:\program files\FCleaner\FCleaner.exe" [2010-06-21 1763840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]

"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-10 13834856]

"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-05-20 317368]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"MyPoi Monitor"="c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" [2010-03-26 2114808]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\sander van den Ende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\sander van den Ende\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-1-11 576000]

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

myiHome Server.lnk - c:\program files\myiHome\app\myiHome-server.exe [2011-1-21 10584640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 hcpwrfqw;hcpwrfqw;c:\windows\system32\drivers\hcpwrfqw.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [x]

R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 17:12]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 17:12]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918549753-1553974762-1166484144-1001Core.job

- c:\users\sander van den Ende\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 19:43]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918549753-1553974762-1166484144-1001UA.job

- c:\users\sander van den Ende\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 19:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1342386450&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1043&id=64855&mkt=nl-nl&cbcxt=mai&snsc=1

mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Free YouTube to MP3 Converter - c:\users\sander van den Ende\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://cdn03.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-HTMLKit_is1 - c:\program files\Chami\HTML-Kit\unins000.exe

AddRemove-Nedsoft RR2010 [unlimited] - c:\program files\Nedsoft\Rittenregistratie 2010\Uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-08-21 20:37:56

ComboFix-quarantined-files.txt 2012-08-21 18:37

.

Pre-Run: 42.965.762.048 bytes beschikbaar

Post-Run: 42.822.356.992 bytes beschikbaar

.

- - End Of File - - 81DC47280553C76D3716A6930DF1EEA8

Regards,

Joyce

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\hcpwrfqw.sys

Folder::

c:\program files\Web Assistant

Driver::

hcpwrfqw

Web Assistant Updater

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message.
