
Laptop acts strange and is slow on the internet; wireless is no problem on 3 others


patrickvan71


ComboFix 13-08-16.03 - Patrick 17/08/2013 21:16:37.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1022.411 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\f13b39fc7ceb478fc1e4995f6cac2d54_c

c:\documents and settings\All Users\Application Data\QuestScan

c:\documents and settings\Patrick\WINDOWS

c:\windows\IsUn0413.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-17 to 2013-08-17 ))))))))))))))))))))))))))))))

.

.

2013-08-16 19:34 . 2013-08-16 19:17 24064 ----a-w- c:\windows\zoek-delete.exe

2013-08-16 05:11 . 2013-08-16 05:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2013-08-16 04:26 . 2013-08-16 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-08-16 04:26 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-16 01:16 . 2013-08-16 01:21 -------- d-----w- c:\windows\system32\MRT

2013-08-16 01:09 . 2013-08-16 01:09 -------- d-----w- c:\program files\SkypeWebPlugin

2013-08-16 00:26 . 2013-08-16 00:26 -------- d-----w- c:\documents and settings\Patrick\Application Data\TuneUp Software

2013-08-16 00:20 . 2013-08-16 00:20 -------- d-----w- c:\program files\Common Files\Java

2013-08-16 00:19 . 2013-08-16 00:18 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-08-16 00:19 . 2013-08-16 00:18 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-08-16 00:19 . 2013-08-16 00:19 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\MFAData

2013-08-16 00:19 . 2013-08-16 00:19 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Avg2013

2013-08-16 00:18 . 2013-08-16 00:18 -------- d-----w- c:\program files\Java

2013-08-16 00:16 . 2013-08-16 00:18 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-16 19:27 . 2012-10-07 08:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-16 19:27 . 2012-10-07 08:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-16 00:18 . 2011-02-28 18:51 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-26 02:49 . 2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 02:48 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-26 02:48 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-07-25 15:58 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec

2013-07-10 10:37 . 2004-08-04 08:00 406016 ----a-w- c:\windows\system32\usp10.dll

2013-07-04 07:33 . 2004-08-04 08:00 2154496 ------w- c:\windows\system32\ntoskrnl.exe

2013-07-04 07:33 . 2004-08-04 08:00 2033152 ------w- c:\windows\system32\ntkrnlpa.exe

2013-06-05 09:08 . 2004-08-04 08:00 1876864 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 07:22 . 2004-08-04 08:00 563200 ----a-w- c:\windows\system32\qedit.dll

2013-05-28 01:59 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2013-05-28 01:05 . 2008-05-05 05:25 6656 ----a-w- c:\windows\system32\xpsp4res.dll

2009-04-25 12:23 . 2009-04-25 12:23 547496 ----a-w- c:\program files\ChromeSetup.exe

2004-08-09 21:30 . 2007-07-08 11:54 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2012-10-28 18:38 . 2012-10-28 18:37 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-15 86016]

"nwiz"="nwiz.exe" [2005-12-15 1519616]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-08 61952]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-30 161336]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\SkypeWebPlugin\\SkypeWebPlugin.exe"=

.

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [16/08/2013 6:26 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/08/2013 6:26 701512]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/08/2013 6:26 22856]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8/01/2013 13:53 161536]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/11/2010 13:48 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2/11/2010 13:48 8320]

S3 TipCtrl;TipCtrl;"c:\program files\uTIPu\TipCtrl.exe" --> c:\program files\uTIPu\TipCtrl.exe [?]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 19:27]

.

2012-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2013-02-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 18:25]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:11]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:11]

.

2013-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1534048935-4134155108-1236404486-1006Core.job

- c:\documents and settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 12:23]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1534048935-4134155108-1236404486-1006UA.job

- c:\documents and settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 12:23]

.

2013-02-25 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

2013-08-17 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

.

------- Bijkomende Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Free YouTube Download - c:\documents and settings\Patrick\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\documents and settings\Patrick\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.3 195.130.130.131

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\vcp7xx7r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

.

.

------- Bestandsassociaties -------

.

.txt=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

HKLM-Run-NWEReboot - (no file)

AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0413.EXE

AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-08-17 21:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Voltooingstijd: 2013-08-17 21:41:32

ComboFix-quarantined-files.txt 2013-08-17 19:41

ComboFix2.txt 2011-03-03 18:40

.

Pre-Run: 37.254.258.688 bytes beschikbaar

Post-Run: 37.910.327.296 bytes beschikbaar

.

- - End Of File - - 9DE1018E0F158EF795777AAFB3B73991

89685F688D61D591FE668A640B2D74A0


This looks good. Delete zoek.exe from the desktop and remove Combofix as follows:

Remove Combofix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall (with a space before the /).

This will remove Combofix plus related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner. (If you don't have it yet)

Install it (if you don't want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks !!!) and start CCleaner.

Click "Cleaner" in the left column. Click 'Analyze' and, after the analysis, 'Clean'. Then click "Registry" in the left column and click 'Scan for problems'. If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors".

Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Close CCleaner again afterwards.

If you want to see this illustrated in detail, click here for the guide.

If all of this went smoothly and you have no further questions or problems within this topic, you may close this topic by clicking the "Mark as solved" button, which you can find at the bottom left … this keeps things clear for everyone.


ComboFix 13-08-18.01 - Patrick 18/08/2013 20:58:04.6.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1022.208 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: /Uninstal

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-18 to 2013-08-18 ))))))))))))))))))))))))))))))

.

.

2013-08-18 12:48 . 2013-08-18 12:48 -------- d--h--r- c:\documents and settings\Patrick\Onlangs geopend

2013-08-16 19:34 . 2013-08-16 19:17 24064 ----a-w- c:\windows\zoek-delete.exe

2013-08-16 05:11 . 2013-08-16 05:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2013-08-16 04:26 . 2013-08-16 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-08-16 04:26 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-16 01:16 . 2013-08-16 01:21 -------- d-----w- c:\windows\system32\MRT

2013-08-16 01:09 . 2013-08-16 01:09 -------- d-----w- c:\program files\SkypeWebPlugin

2013-08-16 00:26 . 2013-08-16 00:26 -------- d-----w- c:\documents and settings\Patrick\Application Data\TuneUp Software

2013-08-16 00:20 . 2013-08-16 00:20 -------- d-----w- c:\program files\Common Files\Java

2013-08-16 00:19 . 2013-08-16 00:18 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-08-16 00:19 . 2013-08-16 00:18 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-08-16 00:19 . 2013-08-16 00:19 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\MFAData

2013-08-16 00:19 . 2013-08-16 00:19 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Avg2013

2013-08-16 00:18 . 2013-08-16 00:18 -------- d-----w- c:\program files\Java

2013-08-16 00:16 . 2013-08-16 00:18 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-16 19:27 . 2012-10-07 08:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-16 19:27 . 2012-10-07 08:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-16 00:18 . 2011-02-28 18:51 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-26 02:49 . 2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 02:48 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-26 02:48 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-07-25 15:58 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec

2013-07-10 10:37 . 2004-08-04 08:00 406016 ----a-w- c:\windows\system32\usp10.dll

2013-07-04 07:33 . 2004-08-04 08:00 2154496 ------w- c:\windows\system32\ntoskrnl.exe

2013-07-04 07:33 . 2004-08-04 08:00 2033152 ------w- c:\windows\system32\ntkrnlpa.exe

2013-06-05 09:08 . 2004-08-04 08:00 1876864 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 07:22 . 2004-08-04 08:00 563200 ----a-w- c:\windows\system32\qedit.dll

2013-05-28 01:59 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2013-05-28 01:05 . 2008-05-05 05:25 6656 ----a-w- c:\windows\system32\xpsp4res.dll

2009-04-25 12:23 . 2009-04-25 12:23 547496 ----a-w- c:\program files\ChromeSetup.exe

2004-08-09 21:30 . 2007-07-08 11:54 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2012-10-28 18:38 . 2012-10-28 18:37 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-15 86016]

"nwiz"="nwiz.exe" [2005-12-15 1519616]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-08 61952]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-30 161336]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\SkypeWebPlugin\\SkypeWebPlugin.exe"=

.

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [16/08/2013 6:26 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/08/2013 6:26 701512]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/08/2013 6:26 22856]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8/01/2013 13:53 161536]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/11/2010 13:48 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2/11/2010 13:48 8320]

S3 TipCtrl;TipCtrl;"c:\program files\uTIPu\TipCtrl.exe" --> c:\program files\uTIPu\TipCtrl.exe [?]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 19:27]

.

2012-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2013-02-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 18:25]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:11]

.

2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:11]

.

2013-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1534048935-4134155108-1236404486-1006Core.job

- c:\documents and settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 12:23]

.

2013-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1534048935-4134155108-1236404486-1006UA.job

- c:\documents and settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 12:23]

.

2013-02-25 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

2013-08-17 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

.

------- Bijkomende Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Free YouTube Download - c:\documents and settings\Patrick\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\documents and settings\Patrick\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.3 195.130.130.131

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\vcp7xx7r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

.

.

------- Bestandsassociaties -------

.

.txt=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-08-18 21:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2416)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2013-08-18 21:19:04

ComboFix-quarantined-files.txt 2013-08-18 19:19

ComboFix2.txt 2011-03-03 18:40

.

Pre-Run: 38.001.967.104 bytes beschikbaar

Post-Run: 38.027.079.680 bytes beschikbaar

.

- - End Of File - - 8E2D02612FAC101877EC92858F4721A1

89685F688D61D591FE668A640B2D74A0

edited by kape
duplicate log removed

This is a new (clean) Combofix log, but the idea now is that you remove Combofix from the PC. The best way to do that is:

Remove Combofix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall (with a space before the /).

This will remove Combofix plus related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.
