
Laptop suddenly freezes every time


joska


Laptop suddenly freezes every time; I no longer dare to move the mouse.

I can work for a very short time, and then I can only continue by using the power button.

Then I restart, and sometimes even that doesn't work.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:47:15, on 11-10-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Atheros\ACU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Gebruiker\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} (sIKN Speler) - http://www.kerkomroep.nl/ocx/sIKNPlayer.cab

O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://imst.selfip.net:88/LNetCam.cab

O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - http://www.crtvg.es/camweb/camera.cab

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

--

End of file - 9979 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you are unable to disable them, just continue with the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the on-screen prompts to let ComboFix download and install the Microsoft Windows Recovery Console.

[Image: cf-rc-auto.jpg]

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

[Image: rc-auto-done.jpg]

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


After downloading it several more times, the uninstall unexpectedly succeeded.

ComboFix 12-10-14.03 - Gebruiker 15-10-2012 10:34:50.12.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2940.2313 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\_ctypes.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\_elementtree.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\_hashlib.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\_socket.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\_ssl.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\pyexpat.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\pysqlite2._sqlite.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\python26.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\pythoncom26.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\pywintypes26.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\select.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\unicodedata.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32api.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32com.shell.shell.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32crypt.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32event.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32file.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32inet.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32pdh.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32process.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\win32security.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\windows._cacheinvalidation.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wx._controls_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wx._core_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wx._gdi_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wx._html2.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wx._misc_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wx._windows_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wx._wizard.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wxbase293u_net_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wxbase293u_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wxmsw293u_adv_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wxmsw293u_core_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wxmsw293u_html_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI31962\wxmsw293u_webview_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\_ctypes.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\_elementtree.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\_hashlib.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\_socket.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\_ssl.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\pyexpat.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\pysqlite2._sqlite.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\python26.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\pythoncom26.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\pywintypes26.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\select.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\unicodedata.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32api.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32com.shell.shell.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32crypt.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32event.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32file.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32inet.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32pdh.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32process.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\win32security.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\windows._cacheinvalidation.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wx._controls_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wx._core_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wx._gdi_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wx._html2.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wx._misc_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wx._windows_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wx._wizard.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wxbase293u_net_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wxbase293u_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wxmsw293u_adv_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wxmsw293u_core_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wxmsw293u_html_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI31962\wxmsw293u_webview_vc.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-15 to 2012-10-15 ))))))))))))))))))))))))))))))

.

.

2012-10-11 11:53 . 2012-10-13 18:03 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

2012-10-11 11:43 . 2012-10-11 11:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-10-10 18:47 . 2012-10-10 18:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG

2012-10-07 17:50 . 2012-10-07 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG

2012-10-07 17:50 . 2012-10-07 17:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2012-10-07 17:34 . 2012-10-07 17:34 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG2013

2012-10-07 17:33 . 2012-10-07 17:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2013

2012-10-07 17:33 . 2012-10-07 17:33 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TuneUp Software

2012-10-07 17:33 . 2012-10-07 17:33 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG Secure Search

2012-10-07 17:32 . 2012-10-07 17:32 -------- d-----w- c:\documents and settings\All Users\AVG Secure Search

2012-10-07 17:30 . 2012-10-07 17:34 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013

2012-10-07 17:30 . 2012-10-07 17:30 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\MFAData

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 16:21 . 2012-04-05 13:42 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 16:21 . 2011-08-10 07:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-28 15:17 . 2009-02-17 09:25 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2009-02-17 09:24 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2009-02-17 09:24 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2009-02-17 09:24 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2009-02-17 09:25 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:27 . 2009-02-17 09:25 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2009-02-17 09:25 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Registry Reviver"="c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe" [2012-04-05 1736520]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-13 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-13 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-13 141848]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 16860672]

"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-14 450648]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2012-01-17 520544]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [7-2-2012 20:54 822624]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [8-6-2011 18:35 18240]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24-10-2009 3:18 360224]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [1-10-2011 1:30 508776]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [9-6-2011 9:05 40960]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [1-10-2011 1:30 584680]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [1-10-2011 1:30 209512]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [1-10-2011 1:30 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [1-10-2011 1:30 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [1-10-2011 1:30 219496]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-9-2010 10:09 136176]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [17-2-2009 11:25 20160]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5-4-2012 15:42 250808]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18-10-2011 2:43 78136]

S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [7-10-2009 22:32 21888]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29-9-2010 10:09 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11-10-2012 13:43 40776]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5-11-2009 3:31 4640000]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [18-10-2011 2:43 181432]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-2-2010 13:37 517096]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:21]

.

2012-10-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-36DCC4F78D5444B-Gebruiker.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-26 04:09]

.

2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 08:09]

.

2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 08:09]

.

2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-343818398-1801674531-1004Core.job

- c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 19:44]

.

2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-343818398-1801674531-1004UA.job

- c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 19:44]

.

2012-10-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

2012-10-15 c:\windows\Tasks\Registry Reviver-Gebruiker-Startup.job

- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2011-02-04 08:37]

.

2012-10-14 c:\windows\Tasks\User_Feed_Synchronization-{02361792-D5A7-4357-9E1C-AADB8871148C}.job

- c:\windows\system32\msfeedssync.exe [2009-02-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.igoogle.nl/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

Trusted Zone: 127.0.0.1

Trusted Zone: localhost

TCP: DhcpNameServer = 64.111.80.5 64.111.80.8

DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} - hxxp://www.kerkomroep.nl/ocx/sIKNPlayer.cab

DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://imst.selfip.net:88/LNetCam.cab

DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.crtvg.es/camweb/camera.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-15 11:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(500)

c:\program files\Google\Drive\googledrivesync32.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\windows\system32\acs.exe

c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

c:\program files\Windows Desktop Search\WindowsSearch.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Voltooingstijd: 2012-10-15 11:07:43 - machine werd herstart

ComboFix-quarantined-files.txt 2012-10-15 09:07

.

Pre-Run: 90.556.370.944 bytes beschikbaar

Post-Run: 91.739.070.464 bytes beschikbaar

.

- - End Of File - - D22319670421404BC2D16180AB3CD9B5
