Posts made by margo78
-
-
ComboFix 12-08-09.01 - Mary 10-08-2012 16:14:19.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.255.16 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Mary\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Mary\Bureaublad\CFscript.txt
.
FILE ::
"c:\windows\System32\drivers\ini910p.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_INI910P
-------\Service_ini910p
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-10 to 2012-08-10 ))))))))))))))))))))))))))))))
.
.
2012-08-09 12:29 . 2012-08-09 12:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-05 14:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-05 14:31 . 2012-08-05 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-03 22:02 . 2012-08-03 22:02 9827016 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-03 15:22 . 2012-08-03 15:22 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2012-08-03 14:05 . 2012-08-03 14:05 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-07-31 15:15 . 2012-07-31 15:15 1409 ----a-w- c:\windows\QTFont.for
2012-07-31 11:10 . 2012-08-03 22:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 11:10 . 2012-08-03 22:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 14:28 . 2012-07-30 14:28 -------- d-sh--w- c:\documents and settings\Mary\IECompatCache
2012-07-30 14:27 . 2012-07-30 14:27 -------- d-sh--w- c:\documents and settings\Mary\PrivacIE
2012-07-30 14:24 . 2012-07-30 14:24 -------- d-sh--w- c:\documents and settings\Mary\IETldCache
2012-07-30 13:53 . 2012-07-30 13:57 -------- dc-h--w- c:\windows\ie8
2012-07-30 13:49 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-30 13:48 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-07-30 13:47 . 2012-05-11 14:44 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-07-30 13:47 . 2012-05-11 14:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-07-30 09:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-07-30 09:33 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-07-30 09:27 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-07-30 09:21 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-07-30 09:16 . 2012-05-28 18:17 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-07-30 09:00 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-30 09:00 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-07-30 09:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-07-29 16:45 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-07-29 16:43 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-07-29 16:43 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-07-29 16:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-07-29 16:41 . 2009-10-15 16:38 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-07-29 16:41 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-07-29 16:41 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-07-29 16:41 . 2010-12-20 17:25 735232 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-07-29 16:41 . 2010-12-09 15:15 739328 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-07-29 16:41 . 2012-05-05 03:15 2152960 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-07-29 16:30 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 12:27 . 2012-08-09 12:29 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-09 12:27 . 2011-03-05 14:52 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-17 11:02 . 2012-06-17 11:02 256 ----a-w- c:\documents and settings\Mary\pool.bin
2012-06-13 13:55 . 2004-08-03 22:56 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-03 23:03 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-02-25 20:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-02-25 20:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-02-25 20:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-02-25 20:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-02-25 20:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2005-05-26 03:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-03 23:03 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-02-25 20:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-02-25 20:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-03 23:03 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-03 23:03 916992 ----a-w- c:\windows\system32\wininet.dll
2006-02-05 22:25 . 2006-02-05 22:25 814592 -c--a-w- c:\program files\pixumup_nl.exe
2004-03-25 06:50 . 2005-02-03 23:58 1966080 -c--a-w- c:\program files\cuteftppro.BAK
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-09_20.06.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-10 14:48 . 2012-08-10 14:48 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-16 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-14 1086760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mary\Menu Start\Programma's\Opstarten\
Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-2-3 111376]
Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-2-3 51984]
Verbatim GREEN BUTTON.lnk - c:\program files\Verbatim GREEN BUTTON\GREEN BUTTON.exe [2011-5-18 463120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[bU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19275:TCP"= 19275:TCP:BitComet 19275 TCP
"19275:UDP"= 19275:UDP:BitComet 19275 UDP
"18643:TCP"= 18643:TCP:BitComet 18643 TCP
"18643:UDP"= 18643:UDP:BitComet 18643 UDP
"17155:TCP"= 17155:TCP:BitComet 17155 TCP
"17155:UDP"= 17155:UDP:BitComet 17155 UDP
"9087:TCP"= 9087:TCP:BitComet 9087 TCP
"9087:UDP"= 9087:UDP:BitComet 9087 UDP
"17800:TCP"= 17800:TCP:BitComet 17800 TCP
"17800:UDP"= 17800:UDP:BitComet 17800 UDP
.
S2 EraserSvc10922;Symantec Eraser Service;"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe" /h ccCommon --> c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31-7-2012 13:10 250056]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25-1-2010 17:56 102448]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [15-5-2012 16:45 113120]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 22:04]
.
2012-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-05-19 c:\windows\Tasks\Mary NBAgent.job
- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-14 20:34]
.
2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{C94E51BA-7F14-4C5A-8760-E484C61E8337}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter...
IE: MediaManager tool grab multimedia file
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\documents and settings\Mary\Application Data\Mozilla\Firefox\Profiles\uszip2t6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.nl/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{82F25EE1-F69D-4162-B6AA-5AA10EF927C4} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-10 23:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2732)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-10 23:29:54 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-10 21:29
ComboFix2.txt 2012-08-09 20:16
.
Pre-Run: 22.910.234.624 bytes beschikbaar
Post-Run: 23.218.634.752 bytes beschikbaar
.
- - End Of File - - 08D34D8C71CCACEFE9425CB62DDA357D
-
ComboFix 12-08-09.01 - Mary 09-08-2012 21:33:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.255.6 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Mary\Bureaublad\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Mary\Application Data\PriceGong
c:\program files\GetModule
c:\windows\IsUn0413.exe
c:\windows\offitems.log
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\wintsvit.exe
c:\windows\wiaserviv.log
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-09 to 2012-08-09 ))))))))))))))))))))))))))))))
.
.
2012-08-09 12:29 . 2012-08-09 12:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-09 12:29 . 2012-08-09 12:27 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-05 14:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-05 14:31 . 2012-08-05 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-03 22:02 . 2012-08-03 22:02 9827016 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-03 15:22 . 2012-08-03 15:22 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2012-08-03 14:05 . 2012-08-03 14:05 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-07-31 15:15 . 2012-07-31 15:15 1409 ----a-w- c:\windows\QTFont.for
2012-07-31 11:10 . 2012-08-03 22:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 11:10 . 2012-08-03 22:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 14:28 . 2012-07-30 14:28 -------- d-sh--w- c:\documents and settings\Mary\IECompatCache
2012-07-30 14:27 . 2012-07-30 14:27 -------- d-sh--w- c:\documents and settings\Mary\PrivacIE
2012-07-30 14:24 . 2012-07-30 14:24 -------- d-sh--w- c:\documents and settings\Mary\IETldCache
2012-07-30 13:53 . 2012-07-30 13:57 -------- dc-h--w- c:\windows\ie8
2012-07-30 13:49 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-30 13:48 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-07-30 13:47 . 2012-05-11 14:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-07-30 13:47 . 2012-05-11 14:44 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-07-30 13:47 . 2012-05-11 14:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-07-30 09:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-07-30 09:33 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-07-30 09:27 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-07-30 09:21 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-07-30 09:21 . 2012-05-02 13:47 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-07-30 09:16 . 2012-05-28 18:17 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-07-30 09:00 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-30 09:00 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-07-30 09:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-07-30 08:56 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-07-29 16:45 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-07-29 16:44 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-07-29 16:43 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-07-29 16:43 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-07-29 16:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-07-29 16:36 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-07-29 16:30 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-07-29 16:28 . 2010-07-16 11:58 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 12:27 . 2011-03-05 14:52 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-17 11:02 . 2012-06-17 11:02 256 ----a-w- c:\documents and settings\Mary\pool.bin
2012-06-13 13:55 . 2004-08-03 22:56 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-03 23:03 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-02-25 20:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-02-25 20:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-02-25 20:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-02-25 20:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-02-25 20:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2005-05-26 03:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-03 23:03 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-02-25 20:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-02-25 20:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-03 23:03 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-03 23:03 916992 ----a-w- c:\windows\system32\wininet.dll
2006-02-05 22:25 . 2006-02-05 22:25 814592 -c--a-w- c:\program files\pixumup_nl.exe
2004-03-25 06:50 . 2005-02-03 23:58 1966080 -c--a-w- c:\program files\cuteftppro.BAK
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-16 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-14 1086760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19275:TCP"= 19275:TCP:BitComet 19275 TCP
"19275:UDP"= 19275:UDP:BitComet 19275 UDP
"18643:TCP"= 18643:TCP:BitComet 18643 TCP
"18643:UDP"= 18643:UDP:BitComet 18643 UDP
"17155:TCP"= 17155:TCP:BitComet 17155 TCP
"17155:UDP"= 17155:UDP:BitComet 17155 UDP
"9087:TCP"= 9087:TCP:BitComet 9087 TCP
"9087:UDP"= 9087:UDP:BitComet 9087 UDP
"17800:TCP"= 17800:TCP:BitComet 17800 TCP
"17800:UDP"= 17800:UDP:BitComet 17800 UDP
.
R2 EraserSvc10922;Symantec Eraser Service;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [x]
R2 ini910p;ini910p; [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 22:04]
.
2012-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-05-19 c:\windows\Tasks\Mary NBAgent.job
- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-14 20:34]
.
2012-08-08 c:\windows\Tasks\User_Feed_Synchronization-{C94E51BA-7F14-4C5A-8760-E484C61E8337}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter...
IE: MediaManager tool grab multimedia file
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\documents and settings\Mary\Application Data\Mozilla\Firefox\Profiles\uszip2t6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.nl/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKCU-Run-sysguard - c:\windows\sysguard.exe
HKCU-Run-HighKey1 - c:\program files\HighKey\HighKey1.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
Notify-WgaLogon - (no file)
AddRemove-8461-7759-5462-8226 - D:\uninstall.exe
AddRemove-ALPlayer_is1 - c:\program files\ESTsoft\ALPlayer\unins000.exe
AddRemove-StudioDV - c:\windows\IsUn0413.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-09 22:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2012-08-09 22:16:08
ComboFix-quarantined-files.txt 2012-08-09 20:16
.
Pre-Run: 22.518.034.432 bytes beschikbaar
Post-Run: 22.732.476.416 bytes beschikbaar
.
- - End Of File - - 5A230655532AA9AB74EE2143E92334A3
-
Yes, I know. I was away yesterday, so I left the computer on. Last night I restarted it and let it run all night again.
I also keep getting this constantly; could that be the cause? I didn't have Mozilla open or anything?
[ATTACH]20357[/ATTACH]
-
It isn't working! That black box stays on screen with: scanning takes 10 minutes, and if there are serious infections it can take twice as long. I have tried it 3 times.
-
Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download
Databaseversie: v2012.08.05.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mary :: MARGO-9F7B79467 [administrator]
5-8-2012 16:46:48
mbam-log-2012-08-05 (16-46-48).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 253016
Verstreken tijd: 34 minuut/minuten, 20 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:\Documents and Settings\Mary\Bureaublad\RemoveWGA.exe (PUP.RemoveWGA) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:08, on 5-8-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Verbatim GREEN BUTTON\GREEN BUTTON.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe
C:\Documents and Settings\Mary\Mijn documenten\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Verbatim GREEN BUTTON.lnk = C:\Program Files\Verbatim GREEN BUTTON\GREEN BUTTON.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Eraser Service (EraserSvc10922) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
--
End of file - 6086 bytes
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:01:49, on 4-8-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Verbatim GREEN BUTTON\GREEN BUTTON.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugin-container.exe
C:\Documents and Settings\Mary\Mijn documenten\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AmeoToolbar - {82F25EE1-F69D-4162-B6AA-5AA10EF927C4} - C:\WINDOWS\system32\fejokt.dll (file missing)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Verbatim GREEN BUTTON.lnk = C:\Program Files\Verbatim GREEN BUTTON\GREEN BUTTON.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Eraser Service (EraserSvc10922) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
--
End of file - 6880 bytes
-
Hi everyone,
I have a Compaq PC that is about 15 years old. It is very slow and websites on the internet keep freezing. At first I thought there might be too much on it, so I moved my photos, videos, etc. to an external hard drive, but that doesn't help. Sometimes I really want to throw the PC out the window! But I don't have money for a new one. Can you help me?
Help! PC super slow, keeps freezing
in Archief Windows Algemeen
Posted:
Yes, it is quite a bit faster. It still keeps freezing, though, especially on the internet or when opening a PDF. On the internet it often hangs because a script is not responding, and then it locks up completely. Which internet provider do you recommend? I also have Anti-Virus with my Telfort subscription, but when I install it, the PC becomes really slow. Do you have anything else for cleaning up programs, files, etc.? I often get a message that I have insufficient virtual memory. I think that is also why that ComboFix was acting up.