
Wininit warning


Henry1960


Hello everyone.

Lately I keep seeing this message in the event log; is there a solution for it?

Waarschuwing 9-1-2013 8:20:38 Wininit 11 Geen

Aangepaste DLL-bestanden worden voor elke toepassing geladen. De systeembeheerder moet de lijst met DLL-bestanden controleren en zorgen dat de bestanden gerelateerd zijn aan vertrouwde toepassingen.

Thanks in advance.

Henry1960


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


ComboFix 13-01-08.01 - Pieters 11-01-2013 3:15.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3063.2067 [GMT 1:00]

Gestart vanuit: c:\users\Pieters\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\MyWebFace_5aEI

c:\programdata\page

c:\programdata\page\page.ico

c:\programdata\page\page.URL

c:\users\Public\sdelevURL.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-11 to 2013-01-11 ))))))))))))))))))))))))))))))

.

.

2013-01-11 01:58 . 2013-01-11 01:58 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34E562E1-6C7E-4D46-9BF1-5FD5FCF61633}\offreg.dll

2013-01-11 01:58 . 2013-01-11 01:58 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34E562E1-6C7E-4D46-9BF1-5FD5FCF61633}\MpKsl36f3dab4.sys

2013-01-10 17:05 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-10 06:44 . 2012-11-08 09:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34E562E1-6C7E-4D46-9BF1-5FD5FCF61633}\mpengine.dll

2013-01-09 04:07 . 2012-11-08 09:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-09 03:51 . 2013-01-09 03:51 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-01-04 16:26 . 2013-01-04 16:26 -------- d-----w- c:\users\Pieters\AppData\Roaming\Foxit Software

2013-01-04 04:03 . 2013-01-04 16:59 -------- d-----w- c:\program files\WOT

2013-01-03 18:02 . 2013-01-03 18:02 -------- d-----w- c:\users\Pieters\AppData\Local\Simplare

2013-01-03 17:25 . 2013-01-03 17:25 -------- d-----w- c:\users\Pieters\AppData\Roaming\Radiocom

2013-01-03 17:14 . 2013-01-06 11:08 -------- d-----w- c:\users\Pieters\AppData\Roaming\vlc

2013-01-03 17:07 . 2013-01-03 17:07 -------- d-----w- c:\program files\VideoLAN

2013-01-03 17:07 . 2013-01-03 17:07 -------- d-----w- c:\users\Pieters\AppData\Local\Rich Media Suite

2013-01-03 12:57 . 2013-01-03 13:11 -------- d-----w- c:\users\Pieters\AppData\Roaming\Raptr

2013-01-03 12:57 . 2013-01-03 13:11 -------- d-----w- c:\program files\Raptr

2013-01-03 12:56 . 2013-01-03 12:56 -------- d-----w- c:\users\Pieters\.swt

2013-01-03 12:55 . 2013-01-04 04:11 -------- d-----w- c:\users\Pieters\AppData\Roaming\Azureus

2013-01-03 08:11 . 2013-01-03 11:52 -------- d-----w- c:\users\Pieters\AppData\Roaming\Cabos

2013-01-03 07:48 . 2013-01-03 07:48 -------- d-----w- c:\programdata\14156

2013-01-03 04:32 . 2013-01-03 04:32 -------- d-----w- c:\users\Pieters\AppData\Local\CRE

2013-01-03 04:32 . 2013-01-03 06:15 -------- d-----w- c:\programdata\Tarma Installer

2013-01-03 04:31 . 2013-01-03 05:59 -------- d-----w- c:\users\Pieters\AppData\Roaming\uTorrent

2013-01-03 04:26 . 2013-01-03 04:26 -------- d-----w- c:\programdata\Wincert

2013-01-03 04:26 . 2013-01-03 04:26 -------- d-----w- c:\programdata\boost_interprocess

2013-01-03 04:26 . 2013-01-03 04:26 -------- d-----w- c:\users\Pieters\AppData\Roaming\MusicNet

2013-01-03 04:26 . 2013-01-03 11:39 -------- d-----w- c:\users\Pieters\AppData\Roaming\BearShare

2013-01-03 04:26 . 2013-01-03 11:39 -------- d-----w- c:\users\Pieters\AppData\Local\BearShare

2013-01-03 04:25 . 2013-01-03 04:25 -------- d-----w- c:\users\Pieters\AppData\Local\PackageAware

2013-01-01 09:54 . 2013-01-03 16:52 -------- d-----w- c:\program files\FileConverter_1.4

2012-12-31 13:23 . 2013-01-03 04:11 -------- d-----w- c:\users\Pieters\AppData\Roaming\BitComet

2012-12-31 08:50 . 2012-12-31 09:00 -------- d-----w- c:\users\Pieters\AppData\Roaming\FreeFixer

2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\users\Pieters\AppData\Local\FreeFixer

2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\program files\FreeFixer

2012-12-31 08:48 . 2012-12-31 08:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-12-31 08:09 . 2012-12-31 08:10 -------- d-----w- c:\users\Pieters\AppData\Local\WiFi Guard

2012-12-31 08:09 . 2012-12-31 08:09 -------- d-----w- c:\program files\SoftPerfect WiFi Guard

2012-12-28 07:13 . 2012-12-28 07:13 -------- d-----w- c:\users\Pieters\AppData\Local\Programs

2012-12-26 08:33 . 2012-12-26 08:33 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-12-26 08:33 . 2012-12-26 08:33 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-12-23 09:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-12-23 09:21 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-12-23 09:21 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-12-23 09:21 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll

2012-12-23 09:21 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-12-23 05:46 . 2012-11-30 07:57 29536 ----a-w- c:\windows\system32\uxtuneup.dll

2012-12-23 04:00 . 2012-12-23 04:00 -------- d-----w- c:\users\Pieters\AppData\Roaming\ImgBurn

2012-12-23 03:58 . 2012-12-23 03:58 -------- d-----w- c:\program files\ImgBurn

2012-12-23 03:10 . 2012-12-23 03:10 -------- d-----w- c:\users\Pieters\AppData\Local\HP

2012-12-21 18:55 . 2012-12-21 18:55 -------- d-----w- c:\program files\Dream Vacation Solitaire

2012-12-21 09:10 . 2013-01-10 15:36 -------- d-----w- C:\Downloads

2012-12-21 08:48 . 2013-01-05 15:50 -------- d-----w- c:\users\Pieters\FrostWire

2012-12-21 08:48 . 2013-01-07 08:49 -------- d-----w- c:\users\Pieters\.frostwire5

2012-12-21 08:43 . 2012-12-21 09:01 -------- d-----w- c:\program files\FrostWire 5

2012-12-21 08:43 . 2012-12-21 08:43 -------- d-----w- c:\users\Pieters\AppData\Local\APN

2012-12-21 06:12 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 06:12 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-17 03:05 . 2012-12-17 03:05 -------- d-----w- c:\users\Pieters\AppData\Local\Macromedia

2012-12-15 11:09 . 2012-12-15 11:11 -------- d-----w- C:\Microsoft Flight SimulatorAddon Scenery

2012-12-15 10:35 . 2012-12-15 10:35 0 ----a-w- c:\users\Pieters\AppData\Local\jv16PT_temp.tmp

2012-12-14 17:59 . 2013-01-11 01:43 -------- d-----w- c:\program files\Mozilla Thunderbird

2012-12-14 12:37 . 2012-12-27 12:21 -------- d-----w- c:\users\Pieters\AppData\Local\Windows Live Writer

2012-12-14 12:37 . 2012-12-14 17:44 -------- d-----w- c:\users\Pieters\AppData\Roaming\Windows Live Writer

2012-12-14 12:06 . 2012-12-14 12:07 -------- d-----w- c:\program files\Windows Live

2012-12-14 12:05 . 2013-01-10 15:22 -------- d-----w- c:\users\Pieters\AppData\Local\Windows Live

2012-12-14 12:04 . 2012-12-14 12:04 -------- d-----w- c:\program files\Common Files\Windows Live

2012-12-12 07:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 07:47 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 03:18 . 2012-11-23 14:58 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-10 03:18 . 2012-11-23 14:58 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-14 15:49 . 2012-12-02 07:25 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-30 07:57 . 2012-11-23 13:18 31584 ----a-w- c:\windows\system32\TURegOpt.exe

2012-11-30 07:57 . 2012-11-23 13:18 21344 ----a-w- c:\windows\system32\authuitu.dll

2012-11-28 17:05 . 2012-11-28 17:05 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F47F552-B253-4AE0-9335-E04993218962}\gapaengine.dll

2012-11-25 11:55 . 2012-11-25 11:56 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-11-23 16:21 . 2012-11-23 16:21 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-23 16:21 . 2012-11-23 16:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-23 15:12 . 2012-11-23 15:12 388096 ----a-r- c:\users\Pieters\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-23 14:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-11-23 10:48 . 2012-11-23 10:48 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-11-23 10:48 . 2012-11-23 10:48 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-11-23 10:48 . 2012-11-23 10:48 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-11-23 10:48 . 2012-11-23 10:48 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-11-23 10:48 . 2012-11-23 10:48 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-11-23 10:48 . 2012-11-23 10:48 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-11-23 10:48 . 2012-11-23 10:48 367104 ----a-w- c:\windows\system32\html.iec

2012-11-23 10:48 . 2012-11-23 10:48 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-11-23 10:48 . 2012-11-23 10:48 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-23 10:48 . 2012-11-23 10:48 161792 ----a-w- c:\windows\system32\msls31.dll

2012-11-23 10:48 . 2012-11-23 10:48 152064 ----a-w- c:\windows\system32\wextract.exe

2012-11-23 10:48 . 2012-11-23 10:48 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-11-23 10:48 . 2012-11-23 10:48 11776 ----a-w- c:\windows\system32\mshta.exe

2012-11-23 10:48 . 2012-11-23 10:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-11-23 10:48 . 2012-11-23 10:48 101888 ----a-w- c:\windows\system32\admparse.dll

2012-11-19 00:04 . 2012-11-23 10:44 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D73FA79-3C31-464F-875C-1ADF5644231C}\mpengine.dll

2012-10-16 07:39 . 2012-11-28 04:29 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-12-17 03:10 . 2012-12-17 03:10 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{296aa17d-c89e-4242-a5a4-44bfe76914a2}"= "c:\program files\FileConverter_1.4\prxtbFil0.dll" [2012-11-06 183112]

.

[HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

2012-11-06 12:01 183112 ----a-w- c:\program files\FileConverter_1.4\prxtbFil0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{296aa17d-c89e-4242-a5a4-44bfe76914a2}"= "c:\program files\FileConverter_1.4\prxtbFil0.dll" [2012-11-06 183112]

.

[HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{296AA17D-C89E-4242-A5A4-44BFE76914A2}"= "c:\program files\FileConverter_1.4\prxtbFil0.dll" [2012-11-06 183112]

.

[HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Pieters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkvMon.exe.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkvMon.exe.lnk

backup=c:\windows\pss\NkvMon.exe.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]

2011-09-14 21:09 539800 ----a-w- c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElementsAutoAnalyzer.exe]

2011-09-14 21:09 539800 ----a-w- c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Pieters\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 MpKsl36f3dab4;MpKsl36f3dab4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34E562E1-6C7E-4D46-9BF1-5FD5FCF61633}\MpKsl36f3dab4.sys [x]

S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [x]

S3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSL36F3DAB4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

GPSvcGroup REG_MULTI_SZ GPSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 03:18]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-11 09:17]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-11 09:17]

.

2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3490999991-3385707320-1038653658-1001Core.job

- c:\users\Pieters\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-20 09:23]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3490999991-3385707320-1038653658-1001UA.job

- c:\users\Pieters\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-20 09:23]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.bing.com/?scope=web&mkt=nl-NL

mStart Page = hxxp://www.v9.com/newtab

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 192.168.123.254

FF - ProfilePath - c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.net

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=20&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&apn_uid=0175298354744545&o=APN10641&q=

FF - ExtSQL: 2012-11-29 17:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-04 18:27; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

FF - ExtSQL: 2012-12-11 19:45; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: 2013-01-03 05:26; {15a0413e-9f45-4d45-9a75-2c20b15b5b51}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{15a0413e-9f45-4d45-9a75-2c20b15b5b51}

FF - ExtSQL: 2013-01-03 05:32; plugin@yontoo.com; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\plugin@yontoo.com

FF - ExtSQL: 2013-01-03 05:32; {87775fdb-6972-41f9-ae51-8326e38cb206}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}

FF - ExtSQL: 2013-01-04 05:01; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - ExtSQL: !HIDDEN! 2012-12-11 19:45; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: extentions.y2layers.installId - 18797c3c-58fd-4b70-a037-b83c00a3dc89

FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

Toolbar-{15a0413e-9f45-4d45-9a75-2c20b15b5b51} - (no file)

Toolbar-10 - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-01-11 03:22:10

ComboFix-quarantined-files.txt 2013-01-11 02:22

.

Pre-Run: 470.059.720.704 bytes beschikbaar

Post-Run: 469.595.447.296 bytes beschikbaar

.

- - End Of File - - 4B91EC6046082D8239E7AE9A0CE4AD6E


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\programdata\Tarma Installer

DirLook::

c:\programdata\14156

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

Firefox::

FF - ProfilePath - c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - user.js: extentions.y2layers.installId - 18797c3c-58fd-4b70-a037-b83c00a3dc89

FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers

Save this file to your desktop as CFScript.

Drag CFScript.txt onto the red ComboFix.exe shortcut.

This will restart ComboFix. Reboot if you are asked to.

If you would like to see this illustrated in detail, click here for the guide.

After the restart, post the contents of Combofix.txt in your next message.


Good morning, Mr. Kape.

I'm not sure whether I did it correctly. After the log was dragged onto ComboFix, it offered an update and I clicked Yes. I also saw an error message but unfortunately could not note it down, and I did not see a restart either; Combo started working right away, just like the first time. Is that correct?

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

ComboFix 13-01-11.01 - Pieters 11-01-2013 7:37.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3063.2086 [GMT 1:00]

Gestart vanuit: d:\programma's\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pieters\Desktop\CFScript.txt.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-11 to 2013-01-11 ))))))))))))))))))))))))))))))

.

.

2013-01-11 06:42 . 2013-01-11 06:42 -------- d-----w- c:\users\Pieters\AppData\Local\temp

2013-01-11 06:42 . 2013-01-11 06:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-11 06:42 . 2013-01-11 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-11 01:43 . 2013-01-11 02:31 -------- d-----w- c:\program files\Mozilla Thunderbird

2013-01-10 17:05 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-09 03:51 . 2013-01-09 03:51 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-01-04 16:26 . 2013-01-04 16:26 -------- d-----w- c:\users\Pieters\AppData\Roaming\Foxit Software

2013-01-04 04:03 . 2013-01-04 16:59 -------- d-----w- c:\program files\WOT

2013-01-03 18:02 . 2013-01-03 18:02 -------- d-----w- c:\users\Pieters\AppData\Local\Simplare

2013-01-03 17:25 . 2013-01-03 17:25 -------- d-----w- c:\users\Pieters\AppData\Roaming\Radiocom

2013-01-03 17:14 . 2013-01-06 11:08 -------- d-----w- c:\users\Pieters\AppData\Roaming\vlc

2013-01-03 17:07 . 2013-01-03 17:07 -------- d-----w- c:\program files\VideoLAN

2013-01-03 17:07 . 2013-01-03 17:07 -------- d-----w- c:\users\Pieters\AppData\Local\Rich Media Suite

2013-01-03 12:57 . 2013-01-03 13:11 -------- d-----w- c:\users\Pieters\AppData\Roaming\Raptr

2013-01-03 12:57 . 2013-01-03 13:11 -------- d-----w- c:\program files\Raptr

2013-01-03 12:56 . 2013-01-03 12:56 -------- d-----w- c:\users\Pieters\.swt

2013-01-03 12:55 . 2013-01-04 04:11 -------- d-----w- c:\users\Pieters\AppData\Roaming\Azureus

2013-01-03 08:11 . 2013-01-03 11:52 -------- d-----w- c:\users\Pieters\AppData\Roaming\Cabos

2013-01-03 07:48 . 2013-01-03 07:48 -------- d-----w- c:\programdata\14156

2013-01-03 04:32 . 2013-01-03 04:32 -------- d-----w- c:\users\Pieters\AppData\Local\CRE

2013-01-03 04:31 . 2013-01-03 05:59 -------- d-----w- c:\users\Pieters\AppData\Roaming\uTorrent

2013-01-03 04:26 . 2013-01-03 04:26 -------- d-----w- c:\programdata\Wincert

2013-01-03 04:26 . 2013-01-03 04:26 -------- d-----w- c:\programdata\boost_interprocess

2013-01-03 04:26 . 2013-01-03 04:26 -------- d-----w- c:\users\Pieters\AppData\Roaming\MusicNet

2013-01-03 04:26 . 2013-01-03 11:39 -------- d-----w- c:\users\Pieters\AppData\Roaming\BearShare

2013-01-03 04:26 . 2013-01-03 11:39 -------- d-----w- c:\users\Pieters\AppData\Local\BearShare

2013-01-03 04:25 . 2013-01-03 04:25 -------- d-----w- c:\users\Pieters\AppData\Local\PackageAware

2013-01-01 09:54 . 2013-01-03 16:52 -------- d-----w- c:\program files\FileConverter_1.4

2012-12-31 13:23 . 2013-01-03 04:11 -------- d-----w- c:\users\Pieters\AppData\Roaming\BitComet

2012-12-31 08:50 . 2012-12-31 09:00 -------- d-----w- c:\users\Pieters\AppData\Roaming\FreeFixer

2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\users\Pieters\AppData\Local\FreeFixer

2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\program files\FreeFixer

2012-12-31 08:48 . 2012-12-31 08:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-12-31 08:09 . 2012-12-31 08:10 -------- d-----w- c:\users\Pieters\AppData\Local\WiFi Guard

2012-12-31 08:09 . 2012-12-31 08:09 -------- d-----w- c:\program files\SoftPerfect WiFi Guard

2012-12-28 07:13 . 2012-12-28 07:13 -------- d-----w- c:\users\Pieters\AppData\Local\Programs

2012-12-26 08:33 . 2012-12-26 08:33 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-12-26 08:33 . 2012-12-26 08:33 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-12-23 09:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-12-23 09:21 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-12-23 09:21 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-12-23 09:21 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll

2012-12-23 09:21 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-12-23 05:46 . 2012-11-30 07:57 29536 ----a-w- c:\windows\system32\uxtuneup.dll

2012-12-23 04:00 . 2012-12-23 04:00 -------- d-----w- c:\users\Pieters\AppData\Roaming\ImgBurn

2012-12-23 03:58 . 2012-12-23 03:58 -------- d-----w- c:\program files\ImgBurn

2012-12-23 03:10 . 2012-12-23 03:10 -------- d-----w- c:\users\Pieters\AppData\Local\HP

2012-12-21 09:10 . 2013-01-10 15:36 -------- d-----w- C:\Downloads

2012-12-21 08:48 . 2013-01-05 15:50 -------- d-----w- c:\users\Pieters\FrostWire

2012-12-21 08:48 . 2013-01-07 08:49 -------- d-----w- c:\users\Pieters\.frostwire5

2012-12-21 08:43 . 2012-12-21 09:01 -------- d-----w- c:\program files\FrostWire 5

2012-12-21 08:43 . 2012-12-21 08:43 -------- d-----w- c:\users\Pieters\AppData\Local\APN

2012-12-21 06:12 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 06:12 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-17 03:05 . 2012-12-17 03:05 -------- d-----w- c:\users\Pieters\AppData\Local\Macromedia

2012-12-15 11:09 . 2012-12-15 11:11 -------- d-----w- C:\Microsoft Flight SimulatorAddon Scenery

2012-12-15 10:35 . 2012-12-15 10:35 0 ----a-w- c:\users\Pieters\AppData\Local\jv16PT_temp.tmp

2012-12-14 12:37 . 2012-12-27 12:21 -------- d-----w- c:\users\Pieters\AppData\Local\Windows Live Writer

2012-12-14 12:37 . 2012-12-14 17:44 -------- d-----w- c:\users\Pieters\AppData\Roaming\Windows Live Writer

2012-12-14 12:06 . 2012-12-14 12:07 -------- d-----w- c:\program files\Windows Live

2012-12-14 12:05 . 2013-01-10 15:22 -------- d-----w- c:\users\Pieters\AppData\Local\Windows Live

2012-12-14 12:04 . 2012-12-14 12:04 -------- d-----w- c:\program files\Common Files\Windows Live

2012-12-12 07:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 07:47 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 03:18 . 2012-11-23 14:58 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-10 03:18 . 2012-11-23 14:58 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-14 15:49 . 2012-12-02 07:25 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-30 07:57 . 2012-11-23 13:18 31584 ----a-w- c:\windows\system32\TURegOpt.exe

2012-11-30 07:57 . 2012-11-23 13:18 21344 ----a-w- c:\windows\system32\authuitu.dll

2012-11-23 16:21 . 2012-11-23 16:21 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-23 16:21 . 2012-11-23 16:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-23 15:12 . 2012-11-23 15:12 388096 ----a-r- c:\users\Pieters\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-23 14:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-11-23 10:48 . 2012-11-23 10:48 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-11-23 10:48 . 2012-11-23 10:48 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-11-23 10:48 . 2012-11-23 10:48 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-11-23 10:48 . 2012-11-23 10:48 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-11-23 10:48 . 2012-11-23 10:48 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-11-23 10:48 . 2012-11-23 10:48 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-11-23 10:48 . 2012-11-23 10:48 367104 ----a-w- c:\windows\system32\html.iec

2012-11-23 10:48 . 2012-11-23 10:48 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-11-23 10:48 . 2012-11-23 10:48 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-23 10:48 . 2012-11-23 10:48 161792 ----a-w- c:\windows\system32\msls31.dll

2012-11-23 10:48 . 2012-11-23 10:48 152064 ----a-w- c:\windows\system32\wextract.exe

2012-11-23 10:48 . 2012-11-23 10:48 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-11-23 10:48 . 2012-11-23 10:48 11776 ----a-w- c:\windows\system32\mshta.exe

2012-11-23 10:48 . 2012-11-23 10:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-11-23 10:48 . 2012-11-23 10:48 101888 ----a-w- c:\windows\system32\admparse.dll

2012-11-19 00:04 . 2012-11-23 10:44 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D73FA79-3C31-464F-875C-1ADF5644231C}\mpengine.dll

2012-10-16 07:39 . 2012-11-28 04:29 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-12-17 03:10 . 2012-12-17 03:10 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\programdata\14156 ----

.

2013-01-03 07:48 . 2013-01-03 04:27 4265 ----a-w- c:\programdata\14156\{FE641213-506B-4A35-ADDF-0B17178758DA}.swf

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

c:\users\Pieters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkvMon.exe.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkvMon.exe.lnk

backup=c:\windows\pss\NkvMon.exe.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]

2011-09-14 21:09 539800 ----a-w- c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElementsAutoAnalyzer.exe]

2011-09-14 21:09 539800 ----a-w- c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Pieters\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - NisDrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

GPSvcGroup REG_MULTI_SZ GPSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 03:18]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-11 09:17]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-11 09:17]

.

2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3490999991-3385707320-1038653658-1001Core.job

- c:\users\Pieters\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-20 09:23]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3490999991-3385707320-1038653658-1001UA.job

- c:\users\Pieters\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-20 09:23]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.bing.com/?scope=web&mkt=nl-NL

mStart Page = hxxp://www.v9.com/newtab

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 192.168.123.254

FF - ProfilePath - c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\

FF - ExtSQL: 2012-11-29 17:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-04 18:27; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

FF - ExtSQL: 2012-12-11 19:45; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: 2013-01-03 05:26; {15a0413e-9f45-4d45-9a75-2c20b15b5b51}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{15a0413e-9f45-4d45-9a75-2c20b15b5b51}

FF - ExtSQL: 2013-01-03 05:32; plugin@yontoo.com; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\plugin@yontoo.com

FF - ExtSQL: 2013-01-03 05:32; {87775fdb-6972-41f9-ae51-8326e38cb206}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}

FF - ExtSQL: 2013-01-04 05:01; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Pieters\AppData\Roaming\Mozilla\Firefox\Profiles\onrlxtzm.default-1354183221330\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - ExtSQL: !HIDDEN! 2012-12-11 19:45; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: extensions.autoDisableScopes - 14

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-01-11 07:43:21

ComboFix-quarantined-files.txt 2013-01-11 06:43

ComboFix2.txt 2013-01-11 02:22

.

Pre-Run: 469.470.773.248 bytes beschikbaar

Post-Run: 469.430.575.104 bytes beschikbaar

.

- - End Of File - - 0AE3C3392DD18C4E2E09BE107E2C3C9B


If the problems are out of the way, it is time for the "big clean-up": removing the programs used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall (with a space before the /).

This will remove ComboFix plus related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner then starts automatically and free of charge.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You are then asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After this, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (these include infected restore points that you could otherwise end up restoring). In Windows 7:

  • Via Start -> Control Panel -> System and Security -> System -> System protection -> now turn off System Restore by selecting the desired drive and clicking "Configure".
  • Now click "Delete" to delete all restore points.
  • Click "Apply" and "OK".
  • Now go back to "System protection" and immediately create a new restore point, so that you do not have to wait for an automatic restore point from the system.
  • Choose "Create". Give the restore point a name of your own and click "Create".
  • Now restart the PC.
