Hi Ben,
and something was found!
C:\Documents and Settings\Geert\Bureaublad\imgburn.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
Hi Geert,
Following what ESET found and removed, let's have a closer look anyway.
Download ComboFix here and save it to your desktop.
First switch off your virus scanner. It will be switched back on after the computer restarts.
If you have used ComboFix before, please delete that version and download ComboFix again via the link above,
because ComboFix is updated daily.
NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning
from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners treat certain components ComboFix uses as suspicious and will block or remove them!
Double-click ComboFix.exe
Follow the instructions, accept the disclaimer.
While the fix is running, do NOT click in the window, as this will make your PC hang.
Depending on the infection, the scan can take 40 to as much as 100 minutes, so don't think it is stuck.
When the fix is complete and after the restart, the log combofix.txt will open.
Post the ComboFix log in your next message and tell us how things are going now.
Good luck,
Huib;)
Hi Huib,
here is the ComboFix log:
ComboFix 13-08-12.01 - Geert 12-08-2013 19:38:25.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1535.832
Gestart vanuit: c:\documents and settings\Geert\Bureaublad\ComboFix.exe
AV: Basis *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Geert\Local Settings\Application Data\assembly\tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
——-\Legacy_NPF
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-07-12 to 2013-08-12 ))))))))))))))))))))))))))))))
.
.
2013-08-10 21:06 . 2013-08-11 09:14 ——– d–h–r- c:\documents and settings\Geert\Onlangs geopend
2013-08-08 18:43 . 2013-08-08 18:43 ——– dc—-w- C:\rsit
2013-08-08 18:11 . 2013-08-08 18:11 ——– d—–w- c:\windows\ERUNT
2013-08-08 18:07 . 2013-08-08 18:43 ——– d—–w- c:\program files\trend micro
2013-07-27 08:22 . 2013-07-27 08:22 144896 —-a-w- c:\windows\system32\javacpl.cpl
2013-07-27 08:22 . 2013-07-27 08:22 94632 —-a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-22 19:08 . 2013-07-22 19:15 44240 —-a-w- c:\windows\system32\drivers\fsbts.sys
2013-07-22 19:03 . 2013-07-22 19:03 ——– d—–w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2013-07-22 18:43 . 2013-07-22 18:59 ——– d—–w- c:\program files\Internetbeveiliging
2013-07-22 18:33 . 2013-07-22 19:08 ——– dc—-w- c:\documents and settings\All Users\Application Data\F-Secure
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-27 08:22 . 2013-02-13 19:48 867240 -c–a-w- c:\windows\system32\npDeployJava1.dll
2013-07-27 08:22 . 2010-07-11 11:10 789416 -c–a-w- c:\windows\system32\deployJava1.dll
2013-07-20 19:37 . 2012-05-02 08:24 692104 -c–a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-20 19:37 . 2011-05-16 14:22 71048 -c–a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 18:50 . 2013-06-13 17:50 9089416 —-a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-08 01:23 . 2004-08-03 23:03 920064 —-a-w- c:\windows\system32\wininet.dll
2013-06-07 21:53 . 2004-08-03 23:03 43520 —-a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:53 . 2004-08-03 23:03 1469440 ——w- c:\windows\system32\inetcpl.cpl
2013-06-07 21:28 . 2007-06-06 17:38 86888 —-a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-07 21:28 . 2007-06-06 17:38 53064 -c–a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-07 21:28 . 2007-06-06 17:38 31560 -c–a-w- c:\windows\system32\LMIport.dll
2013-06-07 21:28 . 2007-06-06 17:38 92488 -c–a-w- c:\windows\system32\LMIinit.dll
2013-06-07 18:27 . 2004-08-03 22:55 385024 —-a-w- c:\windows\system32\html.iec
2013-06-05 09:08 . 2004-08-03 22:56 1876864 —-a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22 . 2004-08-03 23:03 563200 —-a-w- c:\windows\system32\qedit.dll
2007-08-09 12:08 . 2008-02-14 15:35 8784 -c–a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 . 2008-02-14 15:35 245408 -c–a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2013-02-13 19:41 . 2011-03-25 15:20 136672 -c–a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
2013-05-25 00:36 130736 —-a-w- c:\documents and settings\Geert\Application Data\Dropbox\bin\DropboxExt.19.dll
.
@=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
2013-05-25 00:36 130736 —-a-w- c:\documents and settings\Geert\Application Data\Dropbox\bin\DropboxExt.19.dll
.
@=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
2013-05-25 00:36 130736 —-a-w- c:\documents and settings\Geert\Application Data\Dropbox\bin\DropboxExt.19.dll
.
@=“{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
2013-05-25 00:36 130736 —-a-w- c:\documents and settings\Geert\Application Data\Dropbox\bin\DropboxExt.19.dll
.
“H/PC Connection Agent”=“c:\program files\Microsoft ActiveSync\wcescomm.exe”
“MyTomTomSA.exe”=“c:\program files\MyTomTom 3\MyTomTomSA.exe”
“OfficeSyncProcess”=“c:\program files\Microsoft Office\Office14\MSOSYNC.EXE”
.
“BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
“nwiz”=“nwiz.exe”
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”
“APSDaemon”=“c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“NeroFilterCheck”=“c:\program files\Common Files\Nero\Lib\NeroCheck.exe”
“TkBellExe”=“c:\program files\real\realplayer\update\realsched.exe”
“LogMeIn GUI”=“c:\program files\LogMeIn\x86\LogMeInSystray.exe”
“Communicator”=“c:\program files\Microsoft Lync\communicator.exe”
“Ptipbmf”=“ptipbmf.dll”
“PtiuPbmd”=“ptipbm.dll”
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe”
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”
“F-Secure Hoster (45123)”=“c:\program files\Internetbeveiliging\fshoster32.exe”
“F-Secure Manager”=“c:\program files\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE”
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”
.
“DWQueuedReporting”=“c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe”
.
c:\documents and settings\Geert\Menu Start\Programma's\Opstarten\
Dropbox.lnk - c:\documents and settings\Geert\Application Data\Dropbox\bin\Dropbox.exe /systemstartup
.
@=“”
.
@=“Driver”
.
@=“Service”
.
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
path=c:\documents and settings\Geert\Menu Start\Programma's\Opstarten\OneNote 2010 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2010 Schermopname en Snel starten.lnkStartup
.
2009-05-26 19:16 1468296 -c–a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
2009-05-21 18:25 1501064 -c–a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
2008-06-08 07:31 2221352 -c–a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
“LightScribeControlPanel”=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” /background
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” /background
“updateMgr”=“c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_9 -reboot 1
“AlcoholAutomount”=“c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount
“AdobeUpdateManager”=“c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_9 -reboot 1
.
“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe” -osboot
.
“%windir%\\system32\\sessmgr.exe”=
“c:\\WINDOWS\\system32\\ftp.exe”=
“c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE”=
“c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE”=
“c:\\Program Files\\Mozilla Firefox\\firefox.exe”=
“c:\\WINDOWS\\system32\\dpnsvr.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe”=
“c:\\WINDOWS\\system32\\PnkBstrA.exe”=
“c:\\WINDOWS\\system32\\PnkBstrB.exe”=
“c:\program files\Microsoft ActiveSync\rapimgr.exe”= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\Java\\jre6\\bin\\java.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Documents and Settings\\Geert\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe”=
“c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE”=
“c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE”=
“c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE”=
“c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe”=
“c:\\Documents and Settings\\Geert\\Bureaublad\\GeocacheSubmitter.exe”=
“c:\\WINDOWS\\system32\\dpvsetup.exe”=
“c:\\Program Files\\Java\\jre6\\bin\\javaw.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\WINDOWS\\system32\\javaw.exe”=
“c:\windows\system32\dllhoster.exe”= c:\windows\system32\dllhoster.exe
“c:\\Documents and Settings\\Geert\\Application Data\\Dropbox\\bin\\Dropbox.exe”=
“c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe”=
“c:\\Program Files\\iTunes\\iTunes.exe”=
“c:\\Program Files\\Microsoft Lync\\communicator.exe”=
“c:\\Program Files\\Microsoft Lync\\UcMapi.exe”=
.
“3389:TCP”= 3389:TCP:@xpsp2res.dll,-22009
“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
“1723:TCP”= 1723:TCP:@xpsp2res.dll,-22015
“1701:UDP”= 1701:UDP:@xpsp2res.dll,-22016
“500:UDP”= 500:UDP:@xpsp2res.dll,-22017
“1033:TCP”= 1033:TCP:Akamai NetSession Interface
“5000:UDP”= 5000:UDP:Akamai NetSession Interface
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys
R2 fshoster;F-Secure Dll Hoster;c:\program files\Internetbeveiliging\fshoster32.exe
R2 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
R3 fsni;fsni;c:\program files\Internetbeveiliging\apps\CCF_Scanning\fsnixp32.sys
R3 fsnitdi;fsnitdi;c:\program files\Internetbeveiliging\apps\CCF_Scanning\fsnitdi32.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys –> c:\windows\system32\DRIVERS\Lbd.sys
S2 !SASCORE;SAS Core Service;“c:\program files\SUPERAntiSpyware\SASCORE.EXE” –> c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 FreemakeVideoCapture;FreemakeVideoCapture;“c:\program files\Freemake\CaptureLib\CaptureLibService.exe” –> c:\program files\Freemake\CaptureLib\CaptureLibService.exe
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys –> c:\windows\system32\drivers\dgderdrv.sys
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\\MAGIX\\Common\\Database\\bin\\fbserver.exe –> c:\\MAGIX\\Common\\Database\\bin\\fbserver.exe
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe
S3 SASENUM;SASENUM;\\??\\c:\\Program Files\\SUPERAntiSpyware\\SASENUM.SYS –> \\c:\\Program Files\\SUPERAntiSpyware\\SASENUM.SYS
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys
.
getPlusHelper REG_MULTI_SZ getPlusHelper
.
2007-07-18 15:53 451872 -c–a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
2013-08-01 19:53 1173456 —-a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhoud van de ‘Gedeelde Taken’ map
.
2013-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
2013-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe
.
2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2010-09-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe
.
2013-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-2146943873-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
2013-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-2146943873-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
2013-06-22 c:\windows\Tasks\ReclaimerResumeInstallLogin_Geert.job
- c:\documents and settings\Geert\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
.
2013-08-09 c:\windows\Tasks\ReclaimerResumeInstall_Geert.job
- c:\documents and settings\Geert\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.nu.nl/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\Geert\Application Data\Mozilla\Firefox\Profiles\c3kwohmx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: !HIDDEN! 2010-11-03 17:31; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AirVideoServer - c:\program files\AirVideoServer\AirVideoServer.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-12 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
“ImagePath”=“\”c:\program files\Internetbeveiliging\fshoster32.exe\“ -hosterid:0”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
“??”=hex:bf,a9,1f,ba,67,01,38,57,b6,00,01,50,9a,88,13,55,81,f1,67,8d,b8,cb,3c,
15,40,30,20,b0,4d,92,b5,fe,52,99,fc,9d,73,3c,80,4f,a4,76,aa,ca,2b,69,73,3a,\
“??”=hex:e0,2b,a8,49,8e,f8,fe,4d,ae,52,fe,5f,7e,13,6b,49
.
“datasecu”=hex:96,58,bf,e2,5c,64,55,10,ad,f5,a2,c0,e1,77,b7,89,c6,8f,79,35,6e,
69,9b,43,5c,81,aa,e2,da,4d,31,5f,9b,50,aa,81,a6,f4,5e,6e,b9,a8,d5,78,6d,92,\
“rkeysecu”=hex:29,80,dd,cd,55,68,1c,67,c5,98,47,f8,1b,bd,a2,c5
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: ) (Everyone)
“AgentIdentifier”=“a6388d81-59f4-4d50-a3dc-9b24c87c6222”
“AuthorizationCode”=“”
“45123_AgentIdentifier”=“a6388d81-59f4-4d50-a3dc-9b24c87c6222”
.
“3140110900063D11C8EF10054038389C”=“C?\\WINDOWS\\system32\\FM20ENU.DLL”
.
@DACL=(02 0000)
@=“Draadloos”
“ProcessGroupPolicy”=“ProcessWIRELESSPolicy”
“DllName”=expand:“gptext.dll”
“NoUserPolicy”=dword:00000001
“NoGPOListChanges”=dword:00000001
.
@DACL=(02 0000)
@=“Folder Redirection”
“ProcessGroupPolicyEx”=“ProcessGroupPolicyEx”
“DllName”=expand:“fdeploy.dll”
“NoMachinePolicy”=dword:00000001
“NoSlowLink”=dword:00000001
“PerUserLocalSettings”=dword:00000001
“NoGPOListChanges”=dword:00000000
“NoBackgroundPolicy”=dword:00000000
“GenerateGroupPolicy”=“GenerateGroupPolicy”
“EventSources”=multi:“(Folder Redirection,Application)\00\00”
.
@DACL=(02 0000)
@=“Microsoft Disk Quota”
“NoMachinePolicy”=dword:00000000
“NoUserPolicy”=dword:00000001
“NoSlowLink”=dword:00000001
“NoBackgroundPolicy”=dword:00000001
“NoGPOListChanges”=dword:00000001
“PerUserLocalSettings”=dword:00000000
“RequiresSuccessfulRegistry”=dword:00000001
“EnableAsynchronousProcessing”=dword:00000000
“DllName”=expand:“dskquota.dll”
“ProcessGroupPolicy”=“ProcessGroupPolicy”
.
@DACL=(02 0000)
@=“QoS-pakketplanner”
“ProcessGroupPolicy”=“ProcessPSCHEDPolicy”
“DllName”=expand:“gptext.dll”
“NoUserPolicy”=dword:00000001
“NoGPOListChanges”=dword:00000001
.
@DACL=(02 0000)
@=“Scripts”
“ProcessGroupPolicy”=“ProcessScriptsGroupPolicy”
“ProcessGroupPolicyEx”=“ProcessScriptsGroupPolicyEx”
“GenerateGroupPolicy”=“GenerateScriptsGroupPolicy”
“DllName”=expand:“gptext.dll”
“NoSlowLink”=dword:00000001
“NoGPOListChanges”=dword:00000001
“NotifyLinkTransition”=dword:00000001
.
@DACL=(02 0000)
@=“Internet Explorer Zonemapping”
“DllName”=“c:\\WINDOWS\\system32\\iedkcs32.dll”
“ProcessGroupPolicy”=“ProcessGroupPolicyForZoneMap”
“NoGPOListChanges”=dword:00000001
“RequiresSucessfulRegistry”=dword:00000001
“DisplayName”=“@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051”
“RequiresSuccessfulRegistry”=dword:00000001
.
@DACL=(02 0000)
@=“Internet Explorer User Accelerators”
“DisplayName”=“@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051”
“DllName”=“c:\\WINDOWS\\system32\\iedkcs32.dll”
“NoGPOListChanges”=dword:00000001
“ProcessGroupPolicy”=“ProcessGroupPolicyForActivities”
“ProcessGroupPolicyEx”=“ProcessGroupPolicyForActivitiesEx”
“RequiresSuccessfulRegistry”=dword:00000001
.
@DACL=(02 0000)
“ProcessGroupPolicy”=“SceProcessSecurityPolicyGPO”
“GenerateGroupPolicy”=“SceGenerateGroupPolicy”
“ExtensionRsopPlanningDebugLevel”=dword:00000001
“ProcessGroupPolicyEx”=“SceProcessSecurityPolicyGPOEx”
“ExtensionDebugLevel”=dword:00000001
“DllName”=expand:“scecli.dll”
@=“Security”
“NoUserPolicy”=dword:00000001
“NoGPOListChanges”=dword:00000001
“EnableAsynchronousProcessing”=dword:00000001
“MaxNoGPOListChangesInterval”=dword:000003c0
.
@DACL=(02 0000)
“ProcessGroupPolicyEx”=“ProcessGroupPolicyEx”
“GenerateGroupPolicy”=“GenerateGroupPolicy”
“ProcessGroupPolicy”=“ProcessGroupPolicy”
“DllName”=“c:\\WINDOWS\\system32\\iedkcs32.dll”
@=“Internet Explorer Branding”
“NoSlowLink”=dword:00000001
“NoBackgroundPolicy”=dword:00000000
“NoGPOListChanges”=dword:00000001
“NoMachinePolicy”=dword:00000001
“DisplayName”=“@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014”
.
@DACL=(02 0000)
“ProcessGroupPolicy”=“SceProcessEFSRecoveryGPO”
“DllName”=expand:“scecli.dll”
@=“EFS recovery”
“NoUserPolicy”=dword:00000001
“NoGPOListChanges”=dword:00000001
“RequiresSuccessfulRegistry”=dword:00000001
.
@DACL=(02 0000)
@=“802.3 Group Policy”
“DisplayName”=expand:“@dot3gpclnt.dll,-100”
“ProcessGroupPolicyEx”=“ProcessLANPolicyEx”
“GenerateGroupPolicy”=“GenerateLANPolicy”
“DllName”=expand:“dot3gpclnt.dll”
“NoUserPolicy”=dword:00000001
“NoGPOListChanges”=dword:00000001
.
@DACL=(02 0000)
@=“Microsoft Offline Files”
“DllName”=expand:“%SystemRoot%\\System32\\cscui.dll”
“EnableAsynchronousProcessing”=dword:00000000
“NoBackgroundPolicy”=dword:00000000
“NoGPOListChanges”=dword:00000000
“NoMachinePolicy”=dword:00000000
“NoSlowLink”=dword:00000000
“NoUserPolicy”=dword:00000001
“PerUserLocalSettings”=dword:00000000
“ProcessGroupPolicy”=“ProcessGroupPolicy”
“RequiresSuccessfulRegistry”=dword:00000001
.
@DACL=(02 0000)
@=“Software-installatie”
“DllName”=expand:“appmgmts.dll”
“ProcessGroupPolicyEx”=“ProcessGroupPolicyObjectsEx”
“GenerateGroupPolicy”=“GenerateGroupPolicy”
“NoBackgroundPolicy”=dword:00000000
“RequiresSucessfulRegistry”=dword:00000000
“NoSlowLink”=dword:00000001
“PerUserLocalSettings”=dword:00000001
“EventSources”=multi:“(Application Management,Application)\00(MsiInstaller,Application)\00\00”
.
@DACL=(02 0000)
@=“Internet Explorer Machine Accelerators”
“DisplayName”=“@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051”
“DllName”=“c:\\WINDOWS\\system32\\iedkcs32.dll”
“NoGPOListChanges”=dword:00000001
“ProcessGroupPolicy”=“ProcessGroupPolicyForActivities”
“ProcessGroupPolicyEx”=“ProcessGroupPolicyForActivitiesEx”
“RequiresSuccessfulRegistry”=dword:00000001
.
@DACL=(02 0000)
@=“IP-beveiliging”
“ProcessGroupPolicy”=“ProcessIPSECPolicy”
“DllName”=expand:“gptext.dll”
“NoUserPolicy”=dword:00000001
“NoGPOListChanges”=dword:00000000
.
@DACL=(02 0000)
“DllName”=“c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL”
“Logon”=“SABWINLOLogon”
“Logoff”=“SABWINLOLogoff”
“Startup”=“SABWINLOStartup”
“Shutdown”=“SABWINLOShutdown”
“Asynchronous”=dword:00000000
“Impersonate”=dword:00000000
.
@DACL=(02 0000)
“Asynchronous”=dword:00000000
“Impersonate”=dword:00000000
“DllName”=expand:“crypt32.dll”
“Logoff”=“ChainWlxLogoffEvent”
.
@DACL=(02 0000)
“Asynchronous”=dword:00000000
“Impersonate”=dword:00000000
“DllName”=expand:“cryptnet.dll”
“Logoff”=“CryptnetWlxLogoffEvent”
.
@DACL=(02 0000)
“DLLName”=“cscdll.dll”
“Logon”=“WinlogonLogonEvent”
“Logoff”=“WinlogonLogoffEvent”
“ScreenSaver”=“WinlogonScreenSaverEvent”
“Startup”=“WinlogonStartupEvent”
“Shutdown”=“WinlogonShutdownEvent”
“StartShell”=“WinlogonStartShellEvent”
“Impersonate”=dword:00000000
“Asynchronous”=dword:00000001
.
@DACL=(02 0000)
“Asynchronous”=dword:00000001
“DllName”=expand:“%SystemRoot%\\System32\\dimsntfy.dll”
“Startup”=“WlDimsStartup”
“Shutdown”=“WlDimsShutdown”
“Logon”=“WlDimsLogon”
“Logoff”=“WlDimsLogoff”
“StartShell”=“WlDimsStartShell”
“Lock”=“WlDimsLock”
“Unlock”=“WlDimsUnlock”
.
@DACL=(02 0000)
“Asynchronous”=dword:00000000
“DllName”=expand:“LMIinit.dll”
“Impersonate”=dword:00000000
“Lock”=“WLEventLock”
“Logoff”=“WLEventLogoff”
“Logon”=“WLEventLogon”
“Shutdown”=“WLEventShutdown”
“StartScreenSaver”=“WLEventStartScreenSaver”
“StartShell”=“WLEventStartShell”
“Startup”=“WLEventStartup”
“StopScreenSaver”=“WLEventStopScreenSaver”
“Unlock”=“WLEventUnlock”
.
@DACL=(02 0000)
“DLLName”=“wlnotify.dll”
“Logon”=“SCardStartCertProp”
“Logoff”=“SCardStopCertProp”
“Lock”=“SCardSuspendCertProp”
“Unlock”=“SCardResumeCertProp”
“Enabled”=dword:00000001
“Impersonate”=dword:00000001
“Asynchronous”=dword:00000001
.
@DACL=(02 0000)
“Asynchronous”=dword:00000000
“DllName”=expand:“wlnotify.dll”
“Impersonate”=dword:00000000
“StartShell”=“SchedStartShell”
“Logoff”=“SchedEventLogOff”
.
@DACL=(02 0000)
“Logoff”=“WLEventLogoff”
“Impersonate”=dword:00000000
“Asynchronous”=dword:00000001
“DllName”=expand:“sclgntfy.dll”
.
@DACL=(02 0000)
“DLLName”=“WlNotify.dll”
“Lock”=“SensLockEvent”
“Logon”=“SensLogonEvent”
“Logoff”=“SensLogoffEvent”
“Safe”=dword:00000001
“MaxWait”=dword:00000258
“StartScreenSaver”=“SensStartScreenSaverEvent”
“StopScreenSaver”=“SensStopScreenSaverEvent”
“Startup”=“SensStartupEvent”
“Shutdown”=“SensShutdownEvent”
“StartShell”=“SensStartShellEvent”
“PostShell”=“SensPostShellEvent”
“Disconnect”=“SensDisconnectEvent”
“Reconnect”=“SensReconnectEvent”
“Unlock”=“SensUnlockEvent”
“Impersonate”=dword:00000001
“Asynchronous”=dword:00000001
.
@DACL=(02 0000)
“Asynchronous”=dword:00000000
“DllName”=expand:“wlnotify.dll”
“Impersonate”=dword:00000000
“Logoff”=“TSEventLogoff”
“Logon”=“TSEventLogon”
“PostShell”=“TSEventPostShell”
“Shutdown”=“TSEventShutdown”
“StartShell”=“TSEventStartShell”
“Startup”=“TSEventStartup”
“MaxWait”=dword:00000258
“Reconnect”=“TSEventReconnect”
“Disconnect”=“TSEventDisconnect”
.
@DACL=(02 0000)
“DLLName”=“wlnotify.dll”
“Logon”=“RegisterTicketExpiredNotificationEvent”
“Logoff”=“UnregisterTicketExpiredNotificationEvent”
“Impersonate”=dword:00000001
“Asynchronous”=dword:00000001
.
@DACL=(02 0000)
“HelpAssistant”=dword:00000000
“TsInternetUser”=dword:00000000
“SQLAgentCmdExec”=dword:00000000
“NetShowServices”=dword:00000000
“IWAM_”=dword:00010000
“IUSR_”=dword:00010000
“VUSR_”=dword:00010000
“ASPNET”=dword:00000000
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > ‘explorer.exe’(3372)
c:\documents and settings\Geert\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1043\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
———————— Andere Aktieve Processen ————————
.
c:\windows\system32\brss01a.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE
c:\program files\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\fssm32.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\documents and settings\Geert\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2013-08-12 19:57:17 - machine werd herstart
ComboFix-quarantined-files.txt 2013-08-12 17:57
.
Pre-Run: 4.879.237.120 bytes beschikbaar
Post-Run: 5.316.247.552 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=“do not select this” /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect
.
- - End Of File - - 8AC9059BDAC28E0945B016F212A3E042
3051207086651214E435112E51817DC5
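Added example, not part of this thread and not ComboFix's own code: a small Python triage helper that parses two kinds of lines from a ComboFix log like the one above (the "Bestanden Gemaakt"/"Find3M" file lines and the R0/S2-style driver and service lines), lists files created under system32 shortly before the scan, and cross-references them with the service that loads them. It assumes ComboFix's conventions as they appear in the log: first timestamp is creation, second is last modification, an 8-character attribute column whose first character is `d` for directories, and service lines of the form `R<start type>`/`S<start type>` (running/stopped) followed by `name;display name;image path`. Because the forum software turned runs of hyphens into em and en dashes (`——–` for `--------`), the parser first maps an em dash back to `---` and an en dash to `--`, which is an observation about this page rather than a ComboFix feature. The sample lines are constructed copies of entries from the log above; the scan date 2013-08-12 is the one the log reports.

```python
"""Triage helper for ComboFix-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Dict, List, Optional, Union

# Constructed sample, shaped like the file-listing and driver/service lines in the
# ComboFix log above, with the dashes restored to plain ASCII hyphens.
SAMPLE_LOG = r"""
2013-08-08 18:07 . 2013-08-08 18:43 -------- d-----w- c:\program files\trend micro
2013-07-27 08:22 . 2013-07-27 08:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-22 19:08 . 2013-07-22 19:15 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2013-06-08 01:23 . 2004-08-03 23:03 920064 ----a-w- c:\windows\system32\wininet.dll
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
"""

SCAN_DATE = date(2013, 8, 12)  # completion date reported by the log above

# The forum rendered '---' as an em dash and '--' as an en dash; undo that first.
_DASHES = str.maketrans({"\u2014": "---", "\u2013": "--"})


def normalise_dashes(line: str) -> str:
    return line.translate(_DASHES)


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories (shown as "--------" in the log)
    attrs: str           # 8-character attribute column, e.g. "----a-w-"
    path: str            # lower-cased for case-insensitive comparison

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"  # assumption: leading 'd' marks a directory


@dataclass
class ServiceEntry:
    state: str        # "R" running / "S" stopped (ComboFix convention, assumed)
    start_type: int   # 0 boot, 1 system, 2 auto, 3 manual (assumed)
    name: str
    display: str
    image: str        # lower-cased image path


FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$"
)
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+)$")


def parse_combofix(text: str) -> List[Union[FileEntry, ServiceEntry]]:
    """Extract file and service entries; lines of any other shape are ignored."""
    entries: List[Union[FileEntry, ServiceEntry]] = []
    for raw in text.splitlines():
        line = normalise_dashes(raw.strip())
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(FileEntry(
                created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
                modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                size=None if size.startswith("-") else int(size),
                attrs=attrs,
                path=path.lower(),
            ))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image = m.groups()
            # ComboFix appends ' --> path' on some lines; keep the first form, unquoted.
            image = image.split(" --> ")[0].strip('"\u201c\u201d')
            entries.append(ServiceEntry(state, int(start), name, display, image.lower()))
    return entries


def recent_system32_files(entries, scan_date: date, days: int = 30) -> List[FileEntry]:
    """Files (not directories) created under \\windows\\system32 within `days` of the scan."""
    return [
        e for e in entries
        if isinstance(e, FileEntry) and not e.is_dir
        and "\\windows\\system32\\" in e.path
        and (scan_date - e.created.date()).days <= days
    ]


def correlate_with_services(files: List[FileEntry], entries) -> Dict[str, Optional[str]]:
    """For each flagged file, the 'R0 name'-style tag of the service that loads it, or None."""
    by_image = {e.image: e for e in entries if isinstance(e, ServiceEntry)}
    result: Dict[str, Optional[str]] = {}
    for f in files:
        svc = by_image.get(f.path)
        result[f.path] = f"{svc.state}{svc.start_type} {svc.name}" if svc else None
    return result


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for path, tag in correlate_with_services(recent_system32_files(parsed, SCAN_DATE), parsed).items():
        print(f"{path}  loaded by: {tag or '(no service entry)'}")
```

A new file in system32 is not bad in itself (here both hits are a Java update and the F-Secure boot-start driver the log shows), but pairing each hit with the service that loads it, its start type and its creation date is the context a helper wants before deciding which lines in a 600-line log deserve a closer look.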
Hi Geert,
I do think it is the age of your computer.
From all the scans I do know that there are no slowing components (infections) on your computer.
Run StartUpLite, then you can see what does and does not need to start up right away.
You can download StartUpLite here.
StartUpLite lists all unnecessary programs that start with Windows.
Which ones you consider necessary to start with your Windows is up to you; in that case choose No action.
Via Start > Programs you can always start them manually.
Note that shortcuts on the desktop also cause slowdowns.
Do not use the "Remove" option in StartUpLite!!!
That removes it from the registry, and the changes can then no longer be undone.
Only select the "Remove" option if you are sure you never want this program to start with Windows again!!
Also run our clean-up plan regularly.
Let me know whether this helped; after that we still have to clean up all the programs we used.
Good luck,
Huib;)
Hi Geert,
Then we'll leave it at that.
With the little tool below you clean up, among other things, all the tools we used:
Download Delfix by Xplode to the desktop.
Double-click Delfix.exe to start the tool.
Now tick the following items:
Activate UAC
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings
Now click "Run" and wait patiently until the tool is finished.
When the tool is finished a log file is created. You do not need to post it, though.
Should any tools remain, you can remove them yourself.
Regards, Huib;)