
Posted:

ComboFix 14-01-22.01 - Goossens Freddy 22/01/2014 22:14:58.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.262 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Goossens Freddy\Mijn documenten\Downloads\ComboFix.exe

AV: Computer Bescherming *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Goossens Freddy\Local Settings\Application Data\assembly\tmp

C:\Documents

c:\windows\animbigN.bmp

c:\windows\animsmalN.bmp

c:\windows\iun6002.exe

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\Cache

c:\windows\system32\Cache\26c630d098e22dd5.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\287e84eec7c5e90a.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\405810e95148b1c9.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\778df91485912c18.fb

c:\windows\system32\Cache\8df1b560b975a8f7.fb

c:\windows\system32\Cache\95f567698be8a182.fb

c:\windows\system32\Cache\9fb984e41a72e14f.fb

c:\windows\system32\Cache\a83972ba7c551385.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\drivers\tcpip.copy

c:\windows\system32\rnaph.dll

c:\windows\system32\roboot.exe

c:\windows\system32\SET3F.tmp

c:\windows\system32\SET57.tmp

c:\windows\system32\SET58.tmp

c:\windows\system32\SET59.tmp

c:\windows\system32\SET5D.tmp

c:\windows\system32\SET5E.tmp

c:\windows\system32\SET62.tmp

c:\windows\system32\SET64.tmp

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_N

-------\Legacy_Skype_C2C_Service

-------\Service_Skype C2C Service

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-12-22 to 2014-01-22 ))))))))))))))))))))))))))))))

.

.

2014-01-21 23:03 . 2014-01-21 23:03 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer

2014-01-21 22:08 . 2014-01-21 22:27 -------- dc----w- C:\zoek_backup

2014-01-21 10:30 . 2014-01-21 12:05 -------- dc----w- C:\rsit

2014-01-14 18:37 . 2014-01-21 22:43 -------- d--h--r- c:\documents and settings\Goossens Freddy\Onlangs geopend

2013-12-25 17:20 . 2013-12-25 17:20 -------- d-----w- c:\documents and settings\Gast\Application Data\Logitech

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-10 20:17 . 2013-06-11 07:36 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2013-12-10 20:17 . 2013-06-03 21:35 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-12-06 18:46 . 2013-12-06 17:46 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys

2013-11-27 20:21 . 2002-09-11 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2013-11-13 03:00 . 2002-09-11 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll

2013-11-07 05:38 . 2002-09-11 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-11-06 01:36 . 2008-05-05 05:25 7680 ----a-w- c:\windows\system32\xpsp4res.dll

2013-10-30 02:51 . 2002-09-11 12:00 1879168 ----a-w- c:\windows\system32\win32k.sys

2013-10-29 07:45 . 2002-09-11 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-10-29 07:45 . 2002-09-11 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2013-10-29 07:45 . 2002-09-11 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-10-29 07:45 . 2002-09-11 12:00 18944 ----a-w- c:\windows\system32\corpol.dll

2013-10-29 00:48 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2012-09-14 11:47 . 2012-09-14 11:47 5982048 -c--a-w- c:\program files\Speccy.exe

2012-08-04 21:37 . 2012-08-04 21:37 298496 -c--a-w- c:\program files\cleanup_tool.exe

2011-08-30 10:16 . 2011-08-30 10:16 21073936 -c--a-w- c:\program files\vlc-1.1.11-win32.exe

2011-01-10 09:12 . 2011-02-05 13:36 17178064 -c--a-w- c:\program files\ExtraFilmDesigner-install.exe

2010-01-05 12:34 . 2010-01-05 12:34 1676680 -c--a-w- c:\program files\NeroCleanTool5.0.0.18.exe

2008-12-27 23:16 . 2008-12-27 23:16 9348296 -c--a-w- c:\program files\MSN_Messenger-7.5.exe

2007-12-11 20:48 . 2007-12-11 20:48 774144 -c--a-w- c:\program files\RngInterstitial.dll

2007-04-17 20:38 . 2007-04-17 20:38 4991776 -c--a-w- c:\program files\rminstall.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Everyday Auto Backup"="c:\program files\Everyday Auto Backup\AutoBackup.exe" [2013-02-21 245760]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-26 39408]

"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2013-12-21 698760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 2296600]

"F-Secure Hoster (44163)"="c:\program files\Telenet Security Pack\fshoster32.exe" [2013-01-18 188400]

"F-Secure Manager"="c:\program files\Telenet Security Pack\apps\ComputerSecurity\Common\FSM32.EXE" [2013-08-20 310208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2013-06-13 19:31 64280 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^ExifLauncher2.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\ExifLauncher2.lnk

backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Windows Search.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-11-21 16:57 959904 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everyday Auto Backup]

2013-02-21 16:15 245760 ----a-w- c:\program files\Everyday Auto Backup\AutoBackup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2013-07-31 20:30 2296600 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Hoster (44163)]

2013-01-18 10:06 188400 ----a-w- c:\program files\Telenet Security Pack\fshoster32.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]

2013-03-27 14:18 1098072 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 17:34 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2003-06-26 17:50 212992 ------w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-09 18:55 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-11-01 23:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

2005-12-07 08:26 489472 -c--a-w- c:\program files\Logitech\Video\CameraAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

2004-11-01 15:22 262144 -c--a-w- c:\windows\system32\ElkCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

2005-12-07 08:33 73728 -c--a-w- c:\program files\Logitech\Video\InstallHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-12-09 14:32 225280 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]

2010-03-16 08:36 337256 -c--a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPoi Monitor]

2010-03-26 15:10 2114808 ----a-w- c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-10-28 15:15 1406248 -c--a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-10-22 10:22 7700480 -c--a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-10-22 10:22 86016 -c--a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-10-22 10:22 1622016 -c--a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2003-05-28 14:37 394240 -c--a-w- c:\windows\system32\PSDrvCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]

2010-06-01 02:01 600928 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

2009-03-19 15:55 460216 -c--a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-07-25 06:58 20684656 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-01-26 22:29 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe]

2005-06-08 16:32 778318 ----a-w- c:\windows\system32\wltray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [6/12/2013 18:46 44240]

R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [10/02/2010 15:29 233816]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [27/08/2012 15:15 37664]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\apps\ComputerSecurity\HIPS\drivers\fshs.sys [11/12/2013 11:24 73328]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [30/12/2011 17:20 10136]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [6/12/2013 18:44 146472]

R3 fsni;fsni;c:\program files\Telenet Security Pack\apps\CCF_Scanning\fsnixp32.sys [25/04/2013 12:52 50112]

R3 fsnitdi;fsnitdi;c:\program files\Telenet Security Pack\apps\CCF_Scanning\fsnitdi32.sys [25/04/2013 12:52 21952]

S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [19/11/2009 18:44 39040]

S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 --> c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [?]

S3 cpuz135;cpuz135;c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [5/03/2013 19:03 24880]

S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\program files\Telenet Security Pack\apps\ComputerSecurity\Anti-Virus\fsbldrv.sys --> c:\program files\Telenet Security Pack\apps\ComputerSecurity\Anti-Virus\fsbldrv.sys [?]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [24/11/2011 21:40 15271]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [19/11/2009 18:44 54016]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-18 08:24 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2014-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11 20:17]

.

2014-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd99a3820c71a8.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-01 18:40]

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc2a5beed27624.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-01 18:40]

.

2014-01-22 c:\windows\Tasks\User_Feed_Synchronization-{3BE973D4-9E6D-4E8E-9D63-4BDC7B476278}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

2014-01-05 c:\windows\Tasks\Windows Install Clean Up.job

- c:\documents and settings\Goossens Freddy\Menu Start\Programma's\Windows Install Clean Up.lnk [2009-11-17 20:19]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

Trusted Zone: extrafilm.be\www

Trusted Zone: microsoft.com\oas.support

Trusted Zone: microsoft.com\office

Trusted Zone: microsoft.com\support

Trusted Zone: microsoft.com\www

Trusted Zone: msn.be\extra

Trusted Zone: pchelper.nl

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

DPF: DirectAnimation Java Classes

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB

DPF: Microsoft XML Parser for Java

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2014-01-22 22:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fshoster]

"ImagePath"="\"c:\program files\Telenet Security Pack\fshoster32.exe\" -hosterid:0"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]

"ImagePath"="\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-796845957-220523388-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-796845957-220523388-682003330-1004\Data\220d5cd0-853a-11d0-84bc-00c04fd43f8f\220d5cd1-853a-11d0-84bc-00c04fd43f8f\01c2e37c47609211*tT*0tT*0tT**]

"Behavior"=hex:02,00,00,00,02,00,00,00,10,00,00,00,57,00,69,00,6e,00,64,00,6f,

00,77,00,73,00,00,00,14,00,00,00,93,62,ec,9c,2d,4c,f3,2c,ba,b4,12,0d,93,00,\

"Item Data"=hex:02,00,00,00,18,00,00,00,3c,47,35,3d,3f,12,93,97,d2,ff,87,00,93,

d4,16,d0,a7,a3,cd,82,a0,0d,55,17,30,00,00,00,f4,d0,ec,b5,f4,70,09,19,2b,79,\

.

[HKEY_USERS\S-1-5-21-796845957-220523388-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\F-Secure\My Services Agent\Protected]

@Denied: ) (Everyone)

"AgentIdentifier"="1dab6ba8-8804-49e7-bc1a-0702ee09e84c"

"AuthorizationCode"=""

"44163_AgentIdentifier"="1dab6ba8-8804-49e7-bc1a-0702ee09e84c"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(960)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

- - - - - - - > 'explorer.exe'(9256)

c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\wltrysvc.exe

c:\windows\System32\bcmwltry.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

c:\program files\Microsoft\BingBar\BBSvc.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Telenet Security Pack\apps\CCF_Reputation\fsorsp.exe

c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

c:\program files\Telenet Security Pack\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Nero\Update\NASvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\fxssvc.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Telenet Security Pack\apps\ComputerSecurity\Common\FSMA32.EXE

c:\program files\Telenet Security Pack\apps\ComputerSecurity\Anti-Virus\fssm32.exe

c:\program files\Telenet Security Pack\fslauncher.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2014-01-22 22:49:23 - machine werd herstart

ComboFix-quarantined-files.txt 2014-01-22 21:49

.

Pre-Run: 34.718.400.512 bytes beschikbaar

Post-Run: 35.020.132.352 bytes beschikbaar

.

- - End Of File - - 0A5CACAD469301E533ABA7E82E605DE5

8F558EB6672622401DA993E1E865C861


Posted:

Back to the matter at hand. The PC was acting up badly again. When restarting after ComboFix I got the message that Google Chrome had been shut down incorrectly and whether I wanted to restore it, but I chose no, and then I wanted to come here via the shortcut on the desktop. The window opened, but now I had to enter my password and username again. I could type in those boxes, but I didn't go any further with the username because the text stayed grey instead of black, so I closed the window and wanted to go via the link in my message. But that wouldn't open either. It was already very difficult with my Outlook, which responded extremely slowly, but then getting to the forum site: every 10 seconds an unresponsive page (which I had already been getting in recent months, eh!). This is because my PC runs extremely slowly, but right now excessively so. I closed the window a few times and opened it again via the message. But then I realised that I had to re-enable my F-Secure, but when I went to the settings it didn't respond, and after a few tries I was on the point of removing it because I thought something was wrong with it or had been removed. Then I switched the PC off again anyway and restarted, and now it responds well. Outlook is now also faster than earlier. Switching between tabs is smooth too.

I'll shut down now because I need my bed. I'll see tomorrow.

Regards

Posted:

Hello, good morning (already afternoon for you, I see). Yes, this morning a perfect startup after all, and no problems getting to and into Outlook, and also to your site and opening it in a new tab. So no problem now. I'll see later whether my startup problem is still there and can report it again, but according to you it will probably persist, because back then you didn't find the cause either. PC too old? Which I do find strange. So that's why I'm not signing off yet and will wait a few more days.

Thanks again in advance

Posted:

Hello

Something has probably happened to my settings in Google Chrome. I can no longer open icons in a message that have a photo pictogram. Do you know why this is? Is it because of the PC clean-up? When I click on one, nothing happens, or I get a blank page.

Posted:

In Chrome only an unwanted extension was removed, nothing more. You may need to associate the file extension .jpg and other image extensions with the program you normally open them with. That can be done via "Folder Options".

Posted:

But I don't have a menu bar here in Chrome

You associate files in Windows via Tools -> Folder Options, not in Chrome itself.

Posted:

OK, but I can't find that icon there. It's about icons that are in messages on a forum. The typed links do open.

With the icon I just tried it doesn't work, but above it there was a typed link "click" and that does work; on other identical icons yesterday, though, "click" wasn't there. I don't know why it is done that way. I'll just leave it for now.

But on the other hand, on startup again no complete startup, the "old problem". Only one icon at the bottom and no further, and for the first time I think my EAB (Every Day AutoBackup) window stayed hanging empty. Anything to do with that? I myself don't think so, because many times during startup I see this window pass by: open and immediately close again, and then it keeps hanging, or even right at the beginning after entering the password.

That was an aside, because you've already looked into that. It was about that message you suspected F-Secure of, and that will indeed be it. I haven't gotten that window back.

After a decisive answer I'll close the discussion.

This topic is now closed to new replies.
