Detected: stolen.Data/Trojan.Agent.Gen/Malware.Trace


  • #16
    How is the computer running now?


    • #17
      Well.... it still takes a while before it has started up. The first few times it went faster, but now it is getting slower again.


      • #18
        What do you mean by slow? How long does it take?
        How is the computer running otherwise?


        • #19
          Booting to the login screen: 1 minute. To the desktop: less than a minute. But before the applications actually work, I am 6 minutes further along. So it takes about 7 minutes before I can use the PC.


          • #20
            How is the computer running otherwise?
            ??


            Download TDSSKiller and place it on your desktop.
            Double-click TDSSKiller.exe to start the tool.
            Click "Change parameters" and tick:
            - Services and drivers
            - Boot sectors
            - Verify drivers digital signatures
            - Detect TDLFS file system.
            Click "OK".
            Click the "Start Scan" button and follow the instructions.
            When the scan has finished, click the "Report" button.
            A Notepad file opens. Post the contents of this file.
            If TDSSKiller offers to cure a file (Cure), allow it. In that case you will be asked to restart the computer. Do so immediately.
            Skip the unsigned files; have TDSS File System deleted or quarantined (Delete or Copy to quarantine).
            Have Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler repaired (Cure).
            After the reboot you will find the log on c:\ under the name TDSSKiller.version_date_time_log.txt.
            Post that log.


            • #21
              I get this message when I try to post the Notepad file. The entered text is too long (125022 characters). Shorten the text to a maximum of 50000 characters.

              Is there any point in posting it?


              • #22
                You can add it as an attachment.


                • #23
                  tdsskiller.txt


                  Like this then?!


                  • #24
                    Can you make a new log with ComboFix and post that log?
                    If ComboFix asks to update, allow it.


                    • #25
                      ComboFix 13-01-17.04 - Claudia 19-01-2013 15:49:07.5.8 - x64
                      Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6134.3072 [GMT 1:00]
                      Gestart vanuit: c:\users\Claudia\Desktop\ComboFix.exe
                      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      .
                      .
                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      c:\users\Claudia\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe
                      .
                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2012-12-19 to 2013-01-19 ))))))))))))))))))))))))))))))
                      .
                      .
                      2013-01-19 15:03 . 2013-01-19 15:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
                      2013-01-19 15:03 . 2013-01-19 15:03 -------- d-----w- c:\users\Public\AppData\Local\temp
                      2013-01-19 15:03 . 2013-01-19 15:03 -------- d-----w- c:\users\Gast\AppData\Local\temp
                      2013-01-19 15:03 . 2013-01-19 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
                      2013-01-14 17:13 . 2012-11-19 00:01 9125352 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A654B74E-0DE9-4C76-B782-1C4833628C38}\mpengine.dll
                      2013-01-13 20:35 . 2013-01-13 20:35 -------- d-----w- c:\program files\HitmanPro
                      2013-01-13 20:34 . 2013-01-13 21:20 -------- d-----w- c:\programdata\HitmanPro
                      2013-01-09 15:55 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
                      2013-01-09 15:55 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
                      2013-01-09 15:55 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
                      2013-01-09 15:55 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
                      2013-01-09 15:55 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
                      2013-01-09 15:55 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
                      2013-01-09 15:55 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
                      2013-01-09 15:55 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
                      2013-01-07 20:27 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
                      2012-12-22 11:17 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
                      2012-12-22 11:17 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
                      2012-12-22 11:17 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
                      2012-12-22 11:17 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2013-01-10 07:57 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
                      2013-01-08 19:12 . 2012-04-05 15:39 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                      2013-01-08 19:12 . 2011-05-17 15:47 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                      2013-01-08 19:12 . 2012-10-09 16:12 15739912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
                      2012-11-14 07:06 . 2012-12-13 16:36 17811968 ----a-w- c:\windows\system32\mshtml.dll
                      2012-11-14 06:32 . 2012-12-13 16:36 10925568 ----a-w- c:\windows\system32\ieframe.dll
                      2012-11-14 06:11 . 2012-12-13 16:36 2312704 ----a-w- c:\windows\system32\jscript9.dll
                      2012-11-14 06:04 . 2012-12-13 16:36 1346048 ----a-w- c:\windows\system32\urlmon.dll
                      2012-11-14 06:04 . 2012-12-13 16:36 1392128 ----a-w- c:\windows\system32\wininet.dll
                      2012-11-14 06:02 . 2012-12-13 16:36 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
                      2012-11-14 06:02 . 2012-12-13 16:36 237056 ----a-w- c:\windows\system32\url.dll
                      2012-11-14 05:59 . 2012-12-13 16:36 85504 ----a-w- c:\windows\system32\jsproxy.dll
                      2012-11-14 05:58 . 2012-12-13 16:36 816640 ----a-w- c:\windows\system32\jscript.dll
                      2012-11-14 05:57 . 2012-12-13 16:36 599040 ----a-w- c:\windows\system32\vbscript.dll
                      2012-11-14 05:57 . 2012-12-13 16:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
                      2012-11-14 05:55 . 2012-12-13 16:36 2144768 ----a-w- c:\windows\system32\iertutil.dll
                      2012-11-14 05:55 . 2012-12-13 16:36 729088 ----a-w- c:\windows\system32\msfeeds.dll
                      2012-11-14 05:53 . 2012-12-13 16:36 96768 ----a-w- c:\windows\system32\mshtmled.dll
                      2012-11-14 05:52 . 2012-12-13 16:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
                      2012-11-14 05:46 . 2012-12-13 16:36 248320 ----a-w- c:\windows\system32\ieui.dll
                      2012-11-14 02:09 . 2012-12-13 16:36 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
                      2012-11-14 01:58 . 2012-12-13 16:36 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                      2012-11-14 01:57 . 2012-12-13 16:36 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
                      2012-11-14 01:49 . 2012-12-13 16:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                      2012-11-14 01:48 . 2012-12-13 16:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
                      2012-11-14 01:44 . 2012-12-13 16:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
                      2012-11-13 01:45 . 2012-12-12 19:54 2048 ----a-w- c:\windows\system32\tzres.dll
                      2012-11-13 01:29 . 2012-12-12 19:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
                      2012-11-07 19:22 . 2012-11-07 19:22 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
                      2012-11-07 19:22 . 2012-11-07 19:22 289768 ----a-w- c:\windows\system32\javaws.exe
                      2012-11-07 19:22 . 2012-11-07 19:22 189416 ----a-w- c:\windows\system32\javaw.exe
                      2012-11-07 19:22 . 2012-11-07 19:22 916456 ----a-w- c:\windows\system32\deployJava1.dll
                      2012-11-07 19:22 . 2012-11-07 19:22 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
                      2012-11-07 19:22 . 2012-11-07 19:22 188904 ----a-w- c:\windows\system32\java.exe
                      2012-11-02 10:45 . 2012-12-12 19:54 477696 ----a-w- c:\windows\system32\dpnet.dll
                      2012-11-02 10:45 . 2012-12-12 19:54 68096 ----a-w- c:\windows\system32\dpnathlp.dll
                      2012-11-02 10:18 . 2012-12-12 19:54 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
                      2012-11-02 08:59 . 2012-12-12 19:54 26112 ----a-w- c:\windows\system32\dpnsvr.exe
                      2012-11-02 08:26 . 2012-12-12 19:54 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
                      2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
                      2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
                      2010-02-16 18:46 . 2010-02-16 18:46 7032780 ----a-w- c:\program files\SABnzbd-0.5.0RC6-win32-setup.exe
                      2010-01-09 10:18 . 2010-01-09 13:30 3004344 ----a-w- c:\program files\BitTorrent-6.2.exe
                      2009-05-20 03:56 . 2009-05-20 03:56 65912880 ----a-w- c:\program files\20080128135518500_Samsung_PC_Studio_321_HA4.exe
                      2009-05-20 03:55 . 2009-05-20 03:55 8420211 ----a-w- c:\program files\20070813082717640_Samsung_USB_Driver_Installer.exe
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-11-13 23:32 129272 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-11-13 23:32 129272 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-11-13 23:32 129272 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-11-13 23:32 129272 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "0x017"="0x017" [X]
                      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
                      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
                      "AMD Graphic"="c:\users\Claudia\AppData\Local\AMD Drivers\AMDgraphics.exe" [2009-09-04 4550656]
                      "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
                      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                      "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
                      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
                      "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
                      "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
                      "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-12-18 2617552]
                      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
                      "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
                      "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
                      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
                      "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
                      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
                      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
                      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
                      "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-12-18 905056]
                      .
                      c:\users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Dropbox.lnk - c:\users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
                      .
                      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                      VideoCam Suite.lnk - c:\program files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-1-25 349600]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                      "EnableLUA"= 0 (0x0)
                      "EnableUIADesktopToggle"= 0 (0x0)
                      "EnableLinkedConnections"= 1 (0x1)
                      .
                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                      "EnableLUA"= 0 (0x0)
                      .
                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                      BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk /r \??\M:\0autocheck autochk *
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                      @="Service"
                      .
                      --- Andere Services/Drivers In Geheugen ---
                      .
                      *Deregistered* - NisDrv
                      .
                      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
                      Themes
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                      2007-07-18 15:53 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                      2013-01-12 15:04 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      .
                      2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
                      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:12]
                      .
                      2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 18:44]
                      .
                      2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 18:44]
                      .
                      2013-01-19 c:\windows\Tasks\User_Feed_Synchronization-{31211911-6031-4BC9-9472-24E78C22596A}.job
                      - c:\windows\system32\msfeedssync.exe [2011-03-31 13:30]
                      .
                      .
                      --------- X64 Entries -----------
                      .
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-11-13 23:32 162552 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-11-13 23:32 162552 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-11-13 23:32 162552 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-11-13 23:32 162552 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
                      "SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-08-05 710528]
                      "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 1833504]
                      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-11-25 6936096]
                      "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-12-18 140568]
                      .
                      ------- Bijkomende Scan -------
                      .
                      uLocal Page = c:\windows\system32\blank.htm
                      uStart Page = hxxp://www.startpagina.nl/
                      mLocal Page = c:\windows\SysWOW64\blank.htm
                      uInternet Settings,ProxyOverride = *.local
                      IE: Add to AMV Convert Tool... - d:\mp4\AMVConverter\grab.html
                      IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
                      IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
                      IE: MediaManager tool grab multimedia file - d:\mp4\MediaManager\grab.html
                      Trusted Zone: coenbakker.nl\vpn
                      TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                      DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.92.48.123:8081/activex/AMC.cab
                      CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
                      .
                      - - - - ORPHANS VERWIJDERD - - - -
                      .
                      Toolbar-10 - (no file)
                      Wow6432Node-HKCU-Run-TNS NIPO Clicks - c:\users\Claudia\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe
                      SafeBoot-86050664.sys
                      SafeBoot-WudfPf
                      SafeBoot-WudfRd
                      WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
                      .
                      .
                      .
                      --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe ,-101"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker5"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe ,-101"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      @="Shockwave Flash Object"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
                      "ThreadingModel"="Apartment"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                      @="0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                      @="ShockwaveFlash.ShockwaveFlash.11"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                      @="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                      @="ShockwaveFlash.ShockwaveFlash"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      @="Macromedia Flash Factory Object"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
                      "ThreadingModel"="Apartment"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                      @="FlashFactory.FlashFactory.1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                      @="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                      @="FlashFactory.FlashFactory"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker5"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
                      @="Shockwave Flash"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
                      @Denied: (A 2) (Everyone)
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
                      @="FlashBroker"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
                      "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                      00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
                      "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
                      00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                      .
                      Voltooingstijd: 2013-01-19 16:10:31
                      ComboFix-quarantined-files.txt 2013-01-19 15:10
                      ComboFix2.txt 2013-01-15 17:29
                      .
                      Pre-Run: 208.811.077.632 bytes beschikbaar
                      Post-Run: 207.128.453.120 bytes beschikbaar
                      .
                      - - End Of File - - 1F172FFC3239C41F9F8E113072918839



                      • #26
                        Hello,

                        I'm afraid I missed your last post.
                        If you are still having problems, please report back.


                        • #27
                          The PC is still very slow to start up. It really just takes about 10 minutes.


                          • #28
                            After entering the password?


                            • #29
                              Yes, that's right


                              • #30
                                Try whether you also have the problem with a new account.
