LeBe

Member
  • Items

    23
  • Registration date

  • Last visited

LeBe's achievements

  1. Dear problem solver, I have a somewhat older PC with Windows XP on which I no longer have an internet connection. Situation: Experia box V8 ----wired------> Thomson---wired----->PC. I placed a Thomson router in the attic to have WiFi there as well. The PC is connected to the Thomson router. This worked fine for a year. For the past month it sometimes works and sometimes doesn't. I have since disconnected the Thomson and connected the PC directly to the Experia V8. That worked for a while, but now it doesn't work at all anymore. According to the PC it is connected, but I can't get onto the internet. Actions that did not help: - Restarted the Experia V8 - Reset the Experia V8 - Renewed the PC's IP address. Can you help me further? Kind regards, LeBez
  2. The laptop has become faster. Although Internet Explorer is very slow. Mozilla Firefox is fast, though. Only picture and sound are out of sync on, for example, uitzendinggemist or rtlgemist. This always worked fine until 4 weeks ago. Until the laptop kept getting slower. Can this be fixed too?
  3. The Removal Tool has also done its work. McAfee has now been removed.
  4. Dear Kape, Below is the new ComboFix log. The problems have become worse over the past months. Also before the installation of McAfee. I don't know for what purpose McAfee was installed. This one is mainly used by the children. Perhaps they installed it :dong:
  5. Dear Kape, Here is the ComboFix log: - - - Updated - - - Dear Kape, I once downloaded TuneUp Utilities to "tune" the computer. Afterwards I wanted to remove the program; it is gone from the list of installed programs, but it always keeps running in the background. Could that be part of the problem?
  6. Hello, My laptop has been extremely slow for a few weeks. I have already removed some programs from it, but the internet in particular is extremely slow. Below is a HijackThis log to start with: I'd like to hear from you what can be done about it. Regards, LeBe
  7. It worked! I have sound. Thank you very much for your help. Kind regards, LeBe
  8. As far as I can see, there is no separate sound card present. The connections for the headphones etc. sit directly on the motherboard. I will try the sound drivers mentioned earlier. - - - Updated - - - I have just downloaded the "this sound driver" link. The computer was restarted. Which action needs to be carried out now? I looked in Device Manager, but the new download is not detected there. Or does the download have to be linked to Device Manager? I know precious little about this ;-)
  9. This used to be a business PC. Probably everything was wiped and set up again so that it could be sold. I don't know whether the chipset driver etc. have also been installed. I checked the model once more; it really is the: Type plate: HP Workstation xw4400 xw4400X/XK2.40/F250/K2.0/Xx/p P/N: PW375ET#ABH
  10. Thanks for your quick response. Brand: HP Type xw 440 Workstation http://speccy.piriform.com/results/SigccnAkbqHjOudS46U7EPc In Device Manager there is a yellow question mark at: Other devices -> unknown device. I hope this gives you enough information. Regards, LeBe
  11. Hello, 2 days ago I was given a computer, but the sound does not work. As far as I can judge, the sound card is not installed. Can anyone help me with that? Thanks in advance. Regards, LeBe
  12. Hello, When watching TV online or uitzendinggemist I suffer from a poor (grainy) picture. The laptop is regularly buffering. What could be causing this?
  13. Great result! It has become a lot faster, and that works very nicely. Thanks for your help!!
  14. Here is the ComboFix log:
  15. Here is the ComboFix log: