Posted:

It would be very strange for AdwCleaner to be the cause of a new slowdown. On the contrary ... this program removed even more disruptive files and registry entries from your PC.

And McAfee was already on your PC before, so you should have noticed an effect on speed from that AV program earlier as well. Moreover, there are no disruptive factors (certainly not in terms of malware) to be found in your new logs.

So let's look a little deeper:

Download ComboFix from one of the locations below to your desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs; they may conflict with ComboFix.exe

(Here or here) you can read how to disable the security software in use.

  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a prompt from UAC (User Account Control); click Ja / Yes there.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Ja" (Yes) once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are then unpacked and a registry backup is made using ERUNT.
  • When this is done, ComboFix will start by itself; in the blue screen you can see the progress of the system scan being run.
  • Important! Do not use the computer for other things during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.

Posted:

Hello

I will try to carry this out today. I started Firefox on the PC in question but I am still waiting for it to start up! Yesterday everything was also running slowly; at a certain moment you can work smoothly for a little while, but after that....

Regards

Ludo

Posted:

Here is the ComboFix log:

ComboFix 14-03-23.01 - ZB17 23/03/2014 19:46:07.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3071.2083 [GMT 1:00]

Gestart vanuit: c:\documents and settings\ZB17\Mijn documenten\Downloads\ComboFix.exe

AV: McAfee Antivirus en antispyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\_ctypes.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\_elementtree.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\_hashlib.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\_multiprocessing.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\_socket.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\_ssl.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\pyexpat.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\pysqlite2._sqlite.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\python27.dll

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\pythoncom27.dll

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\PyWinTypes27.dll

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\select.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\unicodedata.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32api.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32com.shell.shell.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32crypt.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32event.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32file.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32inet.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32pdh.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32pipe.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32process.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32profile.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32security.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\win32ts.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\windows._lib_cacheinvalidation.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wx._controls_.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wx._core_.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wx._gdi_.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wx._html2.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wx._misc_.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wx._windows_.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wx._wizard.pyd

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wxbase294u_net_vc90.dll

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wxbase294u_vc90.dll

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wxmsw294u_adv_vc90.dll

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wxmsw294u_core_vc90.dll

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wxmsw294u_html_vc90.dll

c:\docume~1\ZB17\LOCALS~1\Temp\_MEI45442\wxmsw294u_webview_vc90.dll

c:\documents and settings\ZB17\Bureaublad\Setup.exe

c:\documents and settings\ZB17\GoToAssistDownloadHelper.exe

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\_ctypes.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\_elementtree.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\_hashlib.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\_multiprocessing.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\_socket.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\_ssl.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\pyexpat.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\pysqlite2._sqlite.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\python27.dll

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\pythoncom27.dll

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\PyWinTypes27.dll

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\select.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\unicodedata.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32api.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32com.shell.shell.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32crypt.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32event.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32file.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32inet.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32pdh.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32pipe.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32process.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32profile.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32security.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\win32ts.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\windows._lib_cacheinvalidation.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wx._controls_.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wx._core_.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wx._gdi_.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wx._html2.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wx._misc_.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wx._windows_.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wx._wizard.pyd

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wxbase294u_net_vc90.dll

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wxbase294u_vc90.dll

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wxmsw294u_adv_vc90.dll

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wxmsw294u_core_vc90.dll

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wxmsw294u_html_vc90.dll

c:\documents and settings\ZB17\Local Settings\Temp\_MEI45442\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2014-02-23 to 2014-03-23 ))))))))))))))))))))))))))))))

.

.

2014-03-22 09:00 . 2014-03-22 09:21 -------- d-----w- C:\rsit

2014-03-21 17:58 . 2014-03-21 18:02 -------- d-----w- C:\AdwCleaner

2014-03-21 12:23 . 2014-03-21 12:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2014-03-21 12:18 . 2014-03-21 12:00 24064 ----a-w- c:\windows\zoek-delete.exe

2014-03-21 09:14 . 2014-03-21 09:29 15144 ----a-w- c:\windows\GetSusp.sys

2014-03-21 07:18 . 2014-03-21 07:18 -------- d-----w- c:\documents and settings\ZB17\Application Data\Malwarebytes

2014-03-21 07:07 . 2014-03-21 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2014-03-21 07:06 . 2014-03-21 07:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-03-21 07:06 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-03-20 09:36 . 2014-03-22 09:20 -------- d-----w- c:\program files\trend micro

2014-03-20 09:31 . 2014-03-21 12:17 -------- d-----w- C:\zoek_backup

2014-03-19 10:01 . 2014-03-19 14:59 -------- d-----w- c:\program files\Mozilla Thunderbird

2014-03-17 09:31 . 2014-03-22 08:41 -------- d--h--r- c:\documents and settings\ZB17\Onlangs geopend

2014-03-13 15:42 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\xp_eos.exe

2014-02-27 10:52 . 2014-02-27 10:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2014-02-27 09:52 . 2014-02-27 09:52 -------- d-----w- c:\windows\system32\wbem\Repository

2014-02-27 09:08 . 2014-02-27 09:08 -------- d-----w- c:\windows\LastGood(2)

2014-02-27 09:00 . 2014-02-27 09:51 -------- d-----w- c:\documents and settings\ZB17\Local Settings\Application Data\Htc

2014-02-27 09:00 . 2014-02-27 09:51 -------- d-----w- c:\documents and settings\ZB17\Application Data\HTC

2014-02-27 08:57 . 2014-02-27 09:51 -------- d-----w- c:\program files\HTC

2014-02-27 08:57 . 2014-02-27 08:57 -------- d-----w- c:\program files\Common Files\Adobe AIR

2014-02-25 07:59 . 2014-02-25 07:59 -------- d-----w- c:\windows\Performance

2014-02-25 07:59 . 2014-02-25 07:59 -------- d-----w- c:\documents and settings\ZB17\Local Settings\Application Data\Microsoft Corporation

2014-02-25 07:59 . 2014-02-25 07:59 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2014-02-25 07:45 . 2014-02-25 07:45 -------- d-----w- c:\program files\Windows Easy Transfer 7

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-11 18:48 . 2012-05-20 06:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-03-11 18:48 . 2011-05-20 08:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-02-27 10:52 . 2012-06-22 09:24 145408 ----a-w- c:\windows\system32\javacpl.cpl

2014-02-24 16:05 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2014-02-24 11:35 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2014-02-24 11:35 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll

2014-02-24 11:35 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2014-02-24 10:59 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2014-02-07 06:36 . 2004-08-04 12:00 1879168 ----a-w- c:\windows\system32\win32k.sys

2014-02-05 08:55 . 2004-08-04 12:00 563200 ----a-w- c:\windows\system32\qedit.dll

2014-01-27 08:18 . 2012-04-18 19:49 61400 ----a-w- c:\windows\system32\drivers\cfwids.sys

2014-01-27 08:11 . 2012-04-18 19:40 175480 ----a-w- c:\windows\system32\mfevtps.exe

2014-01-27 08:11 . 2012-04-18 19:49 92216 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2014-01-27 08:06 . 2011-10-15 10:16 573840 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2014-01-27 08:05 . 2012-12-12 08:15 85544 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2014-01-27 08:04 . 2012-04-18 19:49 366248 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2014-01-27 08:04 . 2012-04-18 19:49 66408 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2014-01-27 08:03 . 2012-04-18 19:49 236480 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2014-01-27 08:02 . 2011-10-15 10:16 134568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2014-01-21 02:49 . 2013-09-20 07:37 10632 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

2014-01-21 02:49 . 2013-09-20 07:37 81264 ----a-w- c:\windows\system32\drivers\mfencrk.sys

2014-01-21 02:48 . 2013-09-20 07:37 330248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr

2014-01-04 08:45 . 2014-01-04 08:45 87752 ----a-w- c:\windows\system32\drivers\appdrv01.fs.{A7E56839-0B44-4261-8167-6DCA58E79946}.sys

2014-01-04 03:12 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2004-04-22 12:41 . 2011-05-21 06:58 33792 -c--a-w- c:\program files\regdll.dll

2004-04-22 12:41 . 2011-05-21 06:58 44744 -c----w- c:\program files\stusb2ir.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\documents and settings\ZB17\Application Data\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\documents and settings\ZB17\Application Data\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\documents and settings\ZB17\Application Data\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\documents and settings\ZB17\Application Data\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-19 39408]

"Akamai NetSession Interface"="c:\documents and settings\ZB17\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-04 4489472]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]

"Spotify Web Helper"="c:\documents and settings\ZB17\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-09-09 1104384]

"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2013-05-23 455608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-01-28 1413120]

"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]

"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280]

"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]

"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 517392]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 517392]

"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"NvMediaCenter"="NvMCTray.dll" [2013-12-19 376096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5011\Belkinwcui.exe -T [2012-5-10 1589248]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-10-27 17:17 207424 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-08-16 07:07 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]

2008-07-21 16:16 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]

2010-05-25 17:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

2013-09-09 14:02 4643328 ----a-w- c:\documents and settings\ZB17\Application Data\Spotify\spotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2013-09-09 14:02 1104384 ----a-w- c:\documents and settings\ZB17\Application Data\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-12-07 18:24 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2014-01-14 07:26 5625624 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-05-19 10:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Creative Service for CDROM Access"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=

"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Seizoen 2010\\PCM.exe"=

"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Seizoen 2010\\Autorun\\Exe\\Autorun.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\hasplms.exe"=

"c:\\Documents and Settings\\ZB17\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\SoulseekNS\\slsk.exe"=

"c:\\Program Files\\EPLAN\\Education\\2.0.5\\BIN\\W3u.exe"=

"c:\\Documents and Settings\\ZB17\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.12.game"=

"c:\\Documents and Settings\\ZB17\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=

"c:\\Program Files\\XBMC\\XBMC.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1048:TCP"= 1048:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [16/10/2013 17:38 281560]

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [18/04/2012 20:50 66296]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15/06/2007 8:52 143256]

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [10/06/2011 21:42 3333808]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [18/10/2011 14:44 232512]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [18/04/2012 20:49 92216]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [18/04/2012 20:50 54776]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12/07/2011 22:55 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 19:54 116608]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/05/2012 16:03 38144]

R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

R2 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [16/10/2013 17:38 281560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/04/2012 20:49 167784]

R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [16/10/2013 17:38 145568]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [16/10/2013 17:38 281560]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [16/10/2013 17:38 281560]

R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [16/10/2013 17:38 281560]

R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\Mcafee\AMCore\mcshield.exe [16/10/2013 17:39 644088]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [18/04/2012 20:49 169800]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [18/04/2012 20:40 175480]

R2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 19:11 229688]

R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [23/05/2007 1:17 20539]

R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [29/01/2014 9:12 1593632]

R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [10/05/2012 16:04 273280]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [18/04/2012 20:49 61400]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [18/04/2012 20:49 366248]

R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [20/09/2013 8:37 330248]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/12/2012 9:15 85544]

S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [19/05/2011 9:41 37376]

S3 GetSusp;GetSusp;c:\windows\GetSusp.sys [21/03/2014 10:14 15144]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [9/12/2012 11:36 147912]

S3 lredbooo;lredbooo;\??\c:\docume~1\ZB17\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\ZB17\LOCALS~1\Temp\lredbooo.sys [?]

S3 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [12/06/2007 19:54 61440]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16/01/2014 1:39 235696]

S3 MFE_RR;MFE_RR;\??\c:\docume~1\ZB17\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\ZB17\LOCALS~1\Temp\mfe_rr.sys [?]

S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [20/09/2013 8:37 81264]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/12/2012 9:15 85544]

S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [21/05/2011 7:58 44744]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [18/01/2011 16:38 54144]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23/07/2009 4:08 47128]

S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [22/09/2011 16:10 238696]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [22/09/2011 16:17 370024]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-15 16:54 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2014-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 18:58]

.

2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 10:48]

.

2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 10:48]

.

2014-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job

- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-02-08 07:48]

.

2014-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job

- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-02-08 07:48]

.

2014-03-23 c:\windows\Tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job

- c:\windows\system32\xp_eos.exe [2014-03-13 23:28]

.

2014-03-17 c:\windows\Tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job

- c:\windows\system32\xp_eos.exe [2014-03-13 23:28]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = <local>;*.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\ZB17\Application Data\Mozilla\Firefox\Profiles\jw265k58.default-1395399468265\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/|http://www.gentblogt.be/|http://www.standaard.be/|http://www.fiets.nl/|https://www.bnpparibasfortis.be/private/start.asp|http://www.2dehands.be/markt/2/campagnolo/|https://eu.mail.arcelormittal.com/OWA/auth/logon.aspx?replaceCurrent=1&reason=2&url=https%3a%2f%2fEU.Mail.ArcelorMittal.com%2fOWA%2f

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-Polar Sync - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2014-03-23 19:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??<~0?9~????*?9~??:~????w?;~????m???h???????????????L???L?????????:~w?;~????m???h???????????????? ?sw?;~????m???h???????L??????????sm???h???????m???????$???x??sm???h??????????????? S:~h???N??????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-842925246-448539723-725345543-1004\Software\SecuROM\License information*]

"datasecu"=hex:a3,74,56,56,52,e9,5b,6a,bb,f3,70,39,d7,86,26,fa,ee,1c,2a,e8,92,

47,09,31,64,13,fc,7f,d2,40,36,3f,16,64,2d,82,83,6e,54,f4,d5,7a,f7,c2,e8,6a,\

"rkeysecu"=hex:10,70,16,06,00,67,21,51,15,82,01,5c,36,9e,70,08

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(772)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\documents and settings\ZB17\Application Data\Dropbox\bin\DropboxExt.22.dll

c:\program files\Google\Drive\googledrivesync32.dll

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\hasplms.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Maxtor\Sync\SyncServices.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\RTHDCPL.EXE

c:\program files\ASUS\AASP\1.00.59\aaCenter.exe

c:\program files\Belkin\F5D7050v5011\Belkinwcui.exe

c:\windows\System32\vssvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\McAfee\MAT\McPvTray.exe

c:\progra~1\mcafee.com\agent\mcupdate.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Voltooingstijd: 2014-03-23 20:04:35 - machine werd herstart

ComboFix-quarantined-files.txt 2014-03-23 19:04

.

Pre-Run: 201.971.867.648 bytes beschikbaar

Post-Run: 202.821.201.920 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - FEFD1095A15332BE448AF6E2ACB41B27

3051207086651214E435112E51817DC5

Posted:

Download MalwareBytes' Anti-Malware (website) and save it to your desktop.

After installation, make sure the following are checked:

  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
  • You are also offered the option to use the trial version of MBAM here; if you do not want it, uncheck this.

Then click "Voltooien" (Finish).

If an update is found, it will be downloaded and installed.

  • Once the program has started, go to the "Instellingen" (Settings) tab.
  • Check here: "Sluit Internet Explorer tijdens verwijdering van malware" (close Internet Explorer during malware removal).
  • Then go to "Scanner Instellingen" (Scanner Settings). At the bottom, under "PUP", choose "Weergeven in scan resultaten - selecteren voor verwijdering" (show in scan results - select for removal).
  • Next, go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
  • Then press "Scannen" (Scan) to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Bekijk Resultaten" (View Results) to see the results.
  • Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
  • After removal, a log will open and you will be asked to restart the computer.
  • Restart the computer if necessary and then post the log as an attachment in your next message.

The log is saved automatically by MalwareBytes' Anti-Malware, and you can find it by clicking the "Logs" tab in the program.

Posted:

Hello

I had already run this program before I came to your forum.

And I ran it again yesterday. I can't attach files; I keep getting a script error whenever I try. I will include both logs.

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free Anti-Malware

Databaseversie: v2014.03.21.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

ZB17 :: ZB17-85B38D1CFF [administrator]

21/03/2014 10:33:37

mbam-log-2014-03-21 (10-33-37).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 277442

Verstreken tijd: 45 minuut/minuten, 38 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 1

HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 2

C:\Documents and Settings\ZB17\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Documents and Settings\ZB17\Application Data\OpenCandy\9F97626A4700497891FEE1061A8294CD (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 3

C:\Documents and Settings\ZB17\Mijn documenten\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Documents and Settings\ZB17\Mijn documenten\Downloads\PDFConverterSetup.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Documents and Settings\ZB17\Application Data\OpenCandy\9F97626A4700497891FEE1061A8294CD\TuneUpUtilities2013_2200258_nl-NL.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

From yesterday

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free Anti-Malware

Databaseversie: v2014.03.21.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

ZB17 :: ZB17-85B38D1CFF [administrator]

24/03/2014 9:57:31

mbam-log-2014-03-24 (09-57-31).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 251129

Verstreken tijd: 13 minuut/minuten, 15 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Posted:

Go to the ESET Online Scanner site.

Click the “Run ESET Online Scanner” button.

In a separate window you will be asked to download EsetSmartInstaller.

Click the link for esetsmartinstaller_enu.exe and the download will start automatically.

Choose “Download” for this file.

Click “uitvoeren” (Run) for the file esetsmartinstaller_enu.exe.

Check “YES, I accept the Terms of Use”.

Click “Start”.

Click "Advanced settings".

Check the following options:

  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click “Start”.

The computer will now be scanned. This can take quite a long time, so be patient.

You may close the window when the scan is finished.

Post the log that opens as an attachment in your next message. You can find this log at C:\Program Files\Eset\EsetOnlineScanner\log.txt

Posted:

For now everything seems to be working more normally than a few days ago! I will keep an eye on it until after the weekend and then report the result here once more.

Thanks in advance

Ludo
