Suddenly very slow internet!!!


Rare Job

ComboFix 12-09-30.03 - Gino Hoste 01/10/2012 16:58:09.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1829 [GMT 2:00]

Gestart vanuit: c:\users\Gino Hoste\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\HyperCam Toolbar\tbHElper.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll

c:\programdata\50669ABE44.sys

c:\users\Gino Hoste\AppData\Roaming\Microsoft\Windows\Recent\WebSonic.nl PC Tips - Google - Google Easter Eggs.URL

c:\users\Gino Hoste\Documents\~WRL0001.tmp

c:\users\Gino Hoste\Documents\~WRL2946.tmp

c:\users\Public\23.doc

c:\windows\IsUn0413.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-01 to 2012-10-01 ))))))))))))))))))))))))))))))

.

.

2012-10-01 15:16 . 2012-10-01 15:17 -------- d-----w- c:\users\Gino Hoste\AppData\Local\temp

2012-10-01 15:16 . 2012-10-01 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-30 16:06 . 2012-09-30 16:06 -------- d-----w- c:\users\Gino Hoste\AppData\Local\PunkBuster

2012-09-30 12:01 . 2012-09-30 12:01 388096 ----a-r- c:\users\Gino Hoste\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-30 12:01 . 2012-09-30 12:01 -------- d-----w- c:\program files\Trend Micro

2012-09-29 17:30 . 2012-09-29 17:31 -------- d-----w- C:\Fraps

2012-09-28 19:36 . 2012-09-28 19:36 -------- d-----w- c:\users\Gino Hoste\AppData\Roaming\Malwarebytes

2012-09-28 19:36 . 2012-09-28 19:36 -------- d-----w- c:\programdata\Malwarebytes

2012-09-28 19:36 . 2012-09-28 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-28 19:36 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 17:36 . 2012-09-28 22:12 -------- d-----w- c:\program files\Common Files\Steam

2012-09-28 17:36 . 2012-10-01 14:46 -------- d-----w- c:\program files\Steam

2012-09-28 15:12 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79558362-04C4-4DFE-803B-C635B0D6B37A}\mpengine.dll

2012-09-27 17:34 . 2012-09-27 17:34 -------- d-----w- c:\program files\EA Games

2012-09-23 10:45 . 2009-09-21 08:55 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys

2012-09-23 10:45 . 2009-09-21 08:55 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys

2012-09-23 10:45 . 2009-09-21 08:55 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys

2012-09-23 10:45 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys

2012-09-23 10:45 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys

2012-09-23 10:45 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys

2012-09-23 10:45 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys

2012-09-23 10:42 . 2012-09-23 10:42 -------- d-----w- c:\programdata\Samsung

2012-09-23 07:00 . 2012-08-24 06:53 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-09-23 07:00 . 2012-08-24 06:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-09-21 18:14 . 2012-09-21 18:27 -------- d-----w- C:\Nexon

2012-09-20 16:59 . 2012-09-20 16:59 -------- d-----w- c:\programdata\IObit

2012-09-20 16:59 . 2012-09-20 16:59 -------- d-----w- c:\program files\IObit

2012-09-19 12:57 . 2004-01-28 13:03 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys

2012-09-19 12:55 . 2012-09-19 12:55 -------- d-----w- c:\program files\Common Files\TI Shared

2012-09-19 12:55 . 2012-09-19 12:57 -------- d-----w- c:\program files\TI Education

2012-09-19 12:54 . 2012-09-19 12:57 -------- d-----w- c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP

2012-09-19 11:41 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-19 11:38 . 2012-09-19 11:38 -------- d-----w- c:\program files\iPod

2012-09-19 11:38 . 2012-09-19 11:41 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-19 11:38 . 2012-09-19 11:41 -------- d-----w- c:\program files\iTunes

2012-09-19 05:15 . 2012-09-19 05:15 -------- d-----w- c:\program files\GUMD039.tmp

2012-09-08 10:25 . 2012-09-08 10:25 -------- d-----w- c:\users\Gino Hoste\.sessionstealer

2012-09-08 08:17 . 2012-09-08 08:19 -------- d-----w- c:\program files\LibreOffice 3.6

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-30 10:27 . 2011-08-31 10:07 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-09-30 10:27 . 2011-08-31 10:07 138056 ----a-w- c:\users\Gino Hoste\AppData\Roaming\PnkBstrK.sys

2012-09-30 10:27 . 2011-08-31 10:06 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-09-30 10:27 . 2011-08-31 10:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-09-21 18:18 . 2012-05-16 17:38 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-21 18:18 . 2011-12-15 05:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-20 19:20 . 2011-11-09 13:50 235 ----a-w- c:\windows\system32\nxEuUninstall.bat

2012-09-20 19:20 . 2010-12-14 14:19 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2012-08-30 13:18 . 2012-08-30 13:18 65536 ----a-w- c:\windows\system32\frapsvid.dll

2012-08-21 11:01 . 2009-09-15 19:24 106928 ----a-w- c:\windows\system32\GEARAspi.dll

2012-08-21 09:13 . 2011-04-20 06:28 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13 . 2010-09-19 06:51 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-08-21 09:13 . 2010-09-19 06:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-08-21 09:13 . 2012-07-19 11:44 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-08-21 09:13 . 2012-03-25 06:53 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-08-21 09:13 . 2010-09-19 06:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-08-21 09:13 . 2010-09-19 06:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-08-21 09:13 . 2012-07-19 11:46 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-08-21 09:13 . 2010-09-19 06:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-08-21 09:12 . 2010-09-19 06:51 41224 ----a-w- c:\windows\avastSS.scr

2012-08-21 09:12 . 2010-09-19 06:51 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-13 11:18 . 2012-07-13 11:18 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2012-07-09 11:42 . 2012-07-09 11:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-07-09 11:42 . 2012-07-09 11:42 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-07-04 14:02 . 2012-08-16 06:13 2047488 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"chromium"="c:\users\Gino Hoste\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-09-25 1239064]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-11-09 438272]

"Steam"="c:\program files\Steam\Steam.exe" [2012-09-28 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Gino Hoste^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Gino Hoste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belgacom]

2008-05-29 08:18 202016 ----a-r- c:\program files\Belgacom\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2010-03-24 17:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]

2010-04-02 08:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]

2012-09-25 09:43 1239064 ----a-w- c:\users\Gino Hoste\AppData\Local\Google\Chrome\Application\chrome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-08-05 20:13 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]

2008-01-11 21:40 98304 ----a-r- c:\program files\ATK Hotkey\HControlUser.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-05-07 16:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]

2010-03-02 17:52 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]

2011-11-09 13:51 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-06-13 05:52 6183456 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]

2008-02-04 09:13 1038136 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2008-03-06 11:04 1041704 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Gino Hoste\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 18:18]

.

2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:02]

.

2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:02]

.

2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240214409-1445849887-602575872-1000Core.job

- c:\users\Gino Hoste\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-29 15:26]

.

2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240214409-1445849887-602575872-1000UA.job

- c:\users\Gino Hoste\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-29 15:26]

.

2012-10-01 c:\windows\Tasks\Recovery DVD Creator-Gino Hoste.job

- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-11-01 09:13]

.

2012-10-01 c:\windows\Tasks\Uitgebreide garantie-Gino Hoste.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-11-01 09:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: jinrake.info\www

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

WebBrowser-{37295164-6894-4F93-AD7D-B7DE830DBB96} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe

MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-UnityWebPlayer - c:\users\Gino Hoste\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-01 17:16

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

.

c:\users\GINOHO~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

C:\avast! sandbox

.

Scan succesvol afgerond

verborgen bestanden: 2

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-240214409-1445849887-602575872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:6d,9c,a1,4d,fa,50,de,de,33,f8,59,6c,9a,41,6a,45,16,c2,e2,21,0c,86,9a,

68,c7,73,38,bb,6b,4e,ca,91,d5,cc,30,58,ae,3a,a8,5e,0a,84,be,a2,1a,b5,98,86,\

"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba

.

[HKEY_USERS\S-1-5-21-240214409-1445849887-602575872-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:7a,26,d7,0f,9b,32,72,85,a5,c7,8b,88,94,1f,f1,0a,84,3e,78,0a,67,

6d,c0,e4,7b,86,be,b2,55,3a,8f,a6,7c,a9,4b,b2,68,ef,0b,74,cf,3f,15,27,18,a8,\

"rkeysecu"=hex:aa,44,96,e9,0a,8f,b7,c7,f3,8b,dc,4c,c8,20,1e,bd

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-10-01 17:21:39

ComboFix-quarantined-files.txt 2012-10-01 15:21

.

Pre-Run: 129.939.992.576 bytes beschikbaar

Post-Run: 129.908.289.536 bytes beschikbaar

.

- - End Of File - - 9D9EEADF206E155C28B325499B3DF3AD

still slow


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\program files\GUMD039.tmp

Folder::

c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this file on your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.
