Detected: stolen.Data/Trojan.Agent.Gen/Malware.Trace
  • #31
    Doesn't matter. It varies, by the way: this time the PC was slow again before entering the password.
    There is really no pattern to it.



    • #32
      What are the F and M drives on your system?



      • #33
        Removable. F and G are external hard disks, but they are almost always switched off. J, K, L and M are nothing, unless I connect the card reader. C and D are the local drives. E is the DVD.



        • #34
          Do you still have ComboFix on your desktop?

          Open a Notepad file.
          Copy the code below and paste it into the Notepad file.
          Save the Notepad file as CFScript.txt
          Code:
          Registry::
          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
          "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
          Now drag the file CFScript.txt onto the file ComboFix.exe

          ComboFix will start again.
          When ComboFix is finished, which may be after a reboot, a log file will open.
          Post the contents of the log file.

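The CFScript above does exactly one thing: it writes the stock BootExecute value (`autocheck autochk *`) back into the Session Manager key. The `hex(7):` text is a REG_MULTI_SZ in REGEDIT4 notation (single-byte ANSI characters, each string NUL-terminated, one extra NUL closing the list). BootExecute lists native-mode images that smss.exe runs before the Win32 subsystem, Winlogon or any security product is loaded, so it is both a persistence location worth auditing and, as in this thread, the place where queued `autochk /r` passes for drives F: and M: end up. The Python below is an added example, not code from the thread or from ComboFix: it decodes and re-encodes the `hex(7)` value, splits the one-line form ComboFix prints in its log (the BootExecute line it parses is the one from the first log posted further down; the `\0` separators in that line are ComboFix's rendering), and flags every entry that is not the stock one. The `latin-1` default for REGEDIT4 data and the `utf-16-le` option for "Windows Registry Editor Version 5.00" files are the example's own assumptions about the two .reg dialects.

```python
"""Decode, encode and sanity-check a BootExecute REG_MULTI_SZ value (added example)."""
import re

# The stock value Windows ships with: autochk checks volumes flagged dirty, nothing else.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]


def decode_reg_multi_sz(hex7_value: str, encoding: str = "latin-1") -> list[str]:
    """Turn a .reg-style 'hex(7):61,75,...' value into its list of strings.

    Assumption: REGEDIT4-format files (what ComboFix's Registry:: section uses) store
    REG_MULTI_SZ as single-byte ANSI characters; every string ends in 00 and the whole
    list ends in one more 00. 'Windows Registry Editor Version 5.00' files use UTF-16LE
    for the same type; pass encoding="utf-16-le" for those.
    """
    body = hex7_value.split(":", 1)[1] if hex7_value.lower().startswith("hex(7):") else hex7_value
    body = re.sub(r"[\\\s]", "", body)  # .reg files wrap long values with trailing backslashes
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    # Split on the NUL terminators; the trailing NULs yield empty strings, which are dropped.
    return [s for s in raw.decode(encoding).split("\x00") if s]


def encode_reg_multi_sz(strings: list[str], encoding: str = "latin-1") -> str:
    """Inverse of decode_reg_multi_sz: build the hex(7) text for a .reg or CFScript file."""
    nul = "\x00".encode(encoding)
    raw = b"".join(s.encode(encoding) + nul for s in strings) + nul
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def parse_combofix_bootexecute(log_line: str) -> list[str]:
    """Split the one-line form ComboFix prints in its log, where the literal two
    characters backslash-zero separate the strings of the REG_MULTI_SZ."""
    prefix = "BootExecute REG_MULTI_SZ "
    value = log_line[len(prefix):] if log_line.startswith(prefix) else log_line
    return value.split("\\0")


def check_bootexecute(entries: list[str]) -> tuple[bool, list[str]]:
    """Return (is_default, findings).

    Anything beyond the stock entry deserves a look: a queued 'autochk /r' for a
    volume slows the next boot, and any other image listed here runs from smss.exe
    before user-mode security software exists to see it.
    """
    findings = []
    for entry in entries:
        if entry == DEFAULT_BOOTEXECUTE[0]:
            continue
        if entry.startswith("autocheck autochk"):
            findings.append(f"queued disk check: {entry!r}")
        else:
            findings.append(f"non-autochk native image: {entry!r}")
    return (not findings, findings)


if __name__ == "__main__":
    # The value from the CFScript in the post above.
    script_value = "hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00"
    print(decode_reg_multi_sz(script_value))  # ['autocheck autochk *']
    # The BootExecute line as it appears in the first ComboFix log in this thread.
    log_line = ("BootExecute REG_MULTI_SZ autocheck autochk /r \\??\\F:\\0"
                "autocheck autochk /r \\??\\M:\\0autocheck autochk *")
    ok, findings = check_bootexecute(parse_combofix_bootexecute(log_line))
    print(ok, findings)
    # The hex(7) text a CFScript needs in order to write the stock value back.
    print(encode_reg_multi_sz(DEFAULT_BOOTEXECUTE))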


          • #35
            ComboFix 13-02-15.01 - Claudia 16-02-2013 13:22:52.8.8 - x64
            Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6134.2951 [GMT 1:00]
            Started from: C:\Users\Claudia\Desktop\ComboFix.exe
            Command switches used :: C:\Users\Claudia\Documents\CFScript.txt
            SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


            (((((((((((((((((((( Files Created from 2013-01-16 to 2013-02-16 ))))))))))))))))))))))))))))))


            2013-02-16 12:33:24 . 2013-02-16 12:33:24 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
            2013-02-16 12:33:24 . 2013-02-16 12:33:24 -------- d-----w- C:\Users\Public\AppData\Local\temp
            2013-02-16 12:33:24 . 2013-02-16 12:33:24 -------- d-----w- C:\Users\Gast\AppData\Local\temp
            2013-02-16 12:33:24 . 2013-02-16 12:33:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
            2013-02-15 17:37:48 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
            2013-02-15 17:37:48 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
            2013-02-14 16:58:21 . 2013-01-04 11:31:10 1417576 ----a-w- C:\Windows\system32\drivers\tcpip.sys
            2013-02-14 16:58:21 . 2013-01-04 02:23:07 40448 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
            2013-02-14 16:57:50 . 2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\system32\win32k.sys
            2013-02-14 16:57:19 . 2012-11-08 04:26:22 1570816 ----a-w- C:\Windows\system32\quartz.dll
            2013-02-14 16:57:19 . 2012-11-08 03:48:38 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll
            2013-02-14 16:56:43 . 2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\system32\ntoskrnl.exe
            2013-01-29 10:36:10 . 2013-01-08 05:32:08 9161176 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3718BC41-4DC0-4131-A7AA-30A8BDB5276C}\mpengine.dll
            2013-01-24 17:12:19 . 2013-01-24 17:12:32 -------- d-----w- C:\Users\Claudia\AppData\Roaming\Juniper Networks
            2013-01-18 22:39:33 . 2013-01-18 22:39:34 -------- d-----w- C:\TDSSKiller_Quarantine
            .


            ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

            2013-02-15 17:35:13 . 2006-11-02 12:35:00 70004024 ----a-w- C:\Windows\system32\mrt.exe
            2013-02-14 16:55:32 . 2012-04-05 15:39:39 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
            2013-02-14 16:55:32 . 2011-05-17 15:47:50 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
            2013-01-30 10:53:22 . 2009-10-02 15:42:13 273840 ------w- C:\Windows\system32\MpSigStub.exe
            2012-12-16 13:31:20 . 2012-12-22 11:17:45 48128 ----a-w- C:\Windows\system32\atmlib.dll
            2012-12-16 13:12:54 . 2012-12-22 11:17:45 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
            2012-12-16 11:08:21 . 2012-12-22 11:17:45 368128 ----a-w- C:\Windows\system32\atmfd.dll
            2012-12-16 10:50:29 . 2012-12-22 11:17:45 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
            2012-12-14 15:49:28 . 2013-01-07 20:27:39 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys
            2012-11-22 04:22:38 . 2013-01-09 15:55:28 456192 ----a-w- C:\Windows\system32\shlwapi.dll
            2012-11-20 04:22:50 . 2013-01-09 15:55:41 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
            2012-11-20 04:21:04 . 2013-01-09 15:55:41 253952 ----a-w- C:\Windows\system32\ncrypt.dll
            2010-02-16 18:46:32 . 2010-02-16 18:46:21 7032780 ----a-w- C:\Program Files\SABnzbd-0.5.0RC6-win32-setup.exe
            2010-01-09 10:18:11 . 2010-01-09 13:30:34 3004344 ----a-w- C:\Program Files\BitTorrent-6.2.exe
            2009-05-20 03:56:34 . 2009-05-20 03:56:18 65912880 ----a-w- C:\Program Files\20080128135518500_Samsung_PC_Studio_321_HA4.exe
            2009-05-20 03:55:57 . 2009-05-20 03:55:43 8420211 ----a-w- C:\Program Files\20070813082717640_Samsung_USB_Driver_Installer.exe


            ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))


            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
            2012-11-13 23:32:48 129272 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
            2012-11-13 23:32:48 129272 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
            2012-11-13 23:32:48 129272 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
            @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
            2012-11-13 23:32:48 129272 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "0x017"="0x017" [X]
            "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 07:10:53 1555968]
            "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:51:33 138240]
            "AMD Graphic"="C:\Users\Claudia\AppData\Local\AMD Drivers\AMDgraphics.exe" [2009-09-04 06:58:30 4550656]
            "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 15:55:20 451872]
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 08:21:08 153136]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]
            "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 09:07:54 252296]
            "nmctxth"="C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 13:48:44 647216]
            "nmapp"="C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 01:53:36 472112]
            "TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-12-18 00:53:12 2617552]
            "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
            "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 07:58:48 724536]
            "NBAgent"="C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 13:53:16 1493288]
            "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 21:30:34 421776]
            "Garmin Lifetime Updater"="C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 07:31:40 1466760]
            "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]
            "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
            "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
            "AcronisTimounterMonitor"="C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-12-18 01:05:28 905056]

            C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            Dropbox.lnk - C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]

            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
            VideoCam Suite.lnk - C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-1-25 349600]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "EnableLUA"= 0 (0x0)
            "EnableUIADesktopToggle"= 0 (0x0)
            "EnableLinkedConnections"= 1 (0x1)

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
            "EnableLUA"= 0 (0x0)

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
            BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk /r \??\M:\0autocheck autochk *

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
            @="Service"

            --- Other Services/Drivers In Memory ---

            *Deregistered* - NisDrv

            HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
            Themes

            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            2007-07-18 15:53:40 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
            2013-02-01 03:04:50 1607120 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

            Contents of the 'Scheduled Tasks' folder

            2013-02-16 C:\Windows\Tasks\Adobe Flash Player Updater.job
            - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:39:39 . 2013-02-14 16:55:33]

            2013-02-16 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
            - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 18:44:58 . 2009-12-08 18:44:52]

            2013-02-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
            - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 18:44:58 . 2009-12-08 18:44:52]

            2013-02-16 C:\Windows\Tasks\User_Feed_Synchronization-{31211911-6031-4BC9-9472-24E78C22596A}.job
            - C:\Windows\system32\msfeedssync.exe [2011-03-31 13:30:55 . 2011-03-31 13:30:55]


            --------- X64 Entries -----------


            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
            2012-11-13 23:32:48 162552 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
            2012-11-13 23:32:48 162552 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
            2012-11-13 23:32:48 162552 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
            @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
            2012-11-13 23:32:48 162552 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2008-01-21 02:47:00 225792]
            "SonicWALLNetExtender"="C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-08-05 21:56:42 710528]
            "Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 12:44:48 1833504]
            "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-11-25 12:44:00 6936096]
            "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-12-18 00:56:44 140568]

            ------- Supplementary Scan -------

            uLocal Page = C:\Windows\system32\blank.htm
            uStart Page = hxxp://www.startpagina.nl/
            mLocal Page = C:\Windows\SysWOW64\blank.htm
            uInternet Settings,ProxyOverride = *.local
            IE: Add to AMV Convert Tool... - D:\MP4\AMVConverter\grab.html
            IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
            IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
            IE: MediaManager tool grab multimedia file - D:\MP4\MediaManager\grab.html
            Trusted Zone: coenbakker.nl\vpn
            TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
            DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.92.48.123:8081/activex/AMC.cab
            CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

            - - - - ORPHANS REMOVED - - - -

            Toolbar-10 - (no file)
            WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)



            • #36
              Something went wrong.
              What did you put in the CFScript file?



              • #37
                this:


                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00



                • #38
                  Then you missed a part; see the instruction post.
                  REGISTRY:: belongs in there too.



                  • #39
                    Like this then? Is this correct?

                    ComboFix 13-02-15.01 - Claudia 16-02-2013 13:52:41.9.8 - x64
                    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6134.2893 [GMT 1:00]
                    Started from: C:\Users\Claudia\Desktop\ComboFix.exe
                    Command switches used :: C:\Users\Claudia\Documents\CFScript.txt
                    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


                    (((((((((((((((((((( Files Created from 2013-01-16 to 2013-02-16 ))))))))))))))))))))))))))))))


                    2013-02-16 13:03:38 . 2013-02-16 13:03:38 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
                    2013-02-16 13:03:38 . 2013-02-16 13:03:38 -------- d-----w- C:\Users\Public\AppData\Local\temp
                    2013-02-16 13:03:38 . 2013-02-16 13:03:38 -------- d-----w- C:\Users\Gast\AppData\Local\temp
                    2013-02-16 13:03:38 . 2013-02-16 13:03:38 -------- d-----w- C:\Users\Default\AppData\Local\temp
                    2013-02-15 17:37:48 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
                    2013-02-15 17:37:48 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
                    2013-02-14 16:58:21 . 2013-01-04 11:31:10 1417576 ----a-w- C:\Windows\system32\drivers\tcpip.sys
                    2013-02-14 16:58:21 . 2013-01-04 02:23:07 40448 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
                    2013-02-14 16:57:50 . 2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\system32\win32k.sys
                    2013-02-14 16:57:19 . 2012-11-08 04:26:22 1570816 ----a-w- C:\Windows\system32\quartz.dll
                    2013-02-14 16:57:19 . 2012-11-08 03:48:38 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll
                    2013-02-14 16:56:43 . 2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\system32\ntoskrnl.exe
                    2013-01-29 10:36:10 . 2013-01-08 05:32:08 9161176 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3718BC41-4DC0-4131-A7AA-30A8BDB5276C}\mpengine.dll
                    2013-01-24 17:12:19 . 2013-01-24 17:12:32 -------- d-----w- C:\Users\Claudia\AppData\Roaming\Juniper Networks
                    2013-01-18 22:39:33 . 2013-01-18 22:39:34 -------- d-----w- C:\TDSSKiller_Quarantine
                    .


                    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

                    2013-02-15 17:35:13 . 2006-11-02 12:35:00 70004024 ----a-w- C:\Windows\system32\mrt.exe
                    2013-02-14 16:55:32 . 2012-04-05 15:39:39 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                    2013-02-14 16:55:32 . 2011-05-17 15:47:50 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                    2013-01-30 10:53:22 . 2009-10-02 15:42:13 273840 ------w- C:\Windows\system32\MpSigStub.exe
                    2012-12-16 13:31:20 . 2012-12-22 11:17:45 48128 ----a-w- C:\Windows\system32\atmlib.dll
                    2012-12-16 13:12:54 . 2012-12-22 11:17:45 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
                    2012-12-16 11:08:21 . 2012-12-22 11:17:45 368128 ----a-w- C:\Windows\system32\atmfd.dll
                    2012-12-16 10:50:29 . 2012-12-22 11:17:45 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
                    2012-12-14 15:49:28 . 2013-01-07 20:27:39 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys
                    2012-11-22 04:22:38 . 2013-01-09 15:55:28 456192 ----a-w- C:\Windows\system32\shlwapi.dll
                    2012-11-20 04:22:50 . 2013-01-09 15:55:41 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
                    2012-11-20 04:21:04 . 2013-01-09 15:55:41 253952 ----a-w- C:\Windows\system32\ncrypt.dll
                    2010-02-16 18:46:32 . 2010-02-16 18:46:21 7032780 ----a-w- C:\Program Files\SABnzbd-0.5.0RC6-win32-setup.exe
                    2010-01-09 10:18:11 . 2010-01-09 13:30:34 3004344 ----a-w- C:\Program Files\BitTorrent-6.2.exe
                    2009-05-20 03:56:34 . 2009-05-20 03:56:18 65912880 ----a-w- C:\Program Files\20080128135518500_Samsung_PC_Studio_321_HA4.exe
                    2009-05-20 03:55:57 . 2009-05-20 03:55:43 8420211 ----a-w- C:\Program Files\20070813082717640_Samsung_USB_Driver_Installer.exe


                    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))


                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4

                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                    2012-11-13 23:32:48 129272 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                    2012-11-13 23:32:48 129272 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                    2012-11-13 23:32:48 129272 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                    2012-11-13 23:32:48 129272 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "0x017"="0x017" [X]
                    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 07:10:53 1555968]
                    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:51:33 138240]
                    "AMD Graphic"="C:\Users\Claudia\AppData\Local\AMD Drivers\AMDgraphics.exe" [2009-09-04 06:58:30 4550656]
                    "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 15:55:20 451872]
                    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 08:21:08 153136]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                    "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]
                    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 09:07:54 252296]
                    "nmctxth"="C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 13:48:44 647216]
                    "nmapp"="C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 01:53:36 472112]
                    "TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-12-18 00:53:12 2617552]
                    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
                    "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 07:58:48 724536]
                    "NBAgent"="C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 13:53:16 1493288]
                    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 21:30:34 421776]
                    "Garmin Lifetime Updater"="C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 07:31:40 1466760]
                    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]
                    "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
                    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
                    "AcronisTimounterMonitor"="C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-12-18 01:05:28 905056]

                    C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    Dropbox.lnk - C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]

                    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
                    VideoCam Suite.lnk - C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-1-25 349600]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "EnableLUA"= 0 (0x0)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    "EnableLinkedConnections"= 1 (0x1)

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                    "EnableLUA"= 0 (0x0)

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                    @="Service"

                    --- Other Services/Drivers In Memory ---

                    *Deregistered* - NisDrv

                    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
                    Themes

                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                    2007-07-18 15:53:40 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                    2013-02-01 03:04:50 1607120 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

                    Contents of the 'Scheduled Tasks' folder

                    2013-02-16 C:\Windows\Tasks\Adobe Flash Player Updater.job
                    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:39:39 . 2013-02-14 16:55:33]

                    2013-02-16 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 18:44:58 . 2009-12-08 18:44:52]

                    2013-02-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 18:44:58 . 2009-12-08 18:44:52]

                    2013-02-16 C:\Windows\Tasks\User_Feed_Synchronization-{31211911-6031-4BC9-9472-24E78C22596A}.job
                    - C:\Windows\system32\msfeedssync.exe [2011-03-31 13:30:55 . 2011-03-31 13:30:55]


                    --------- X64 Entries -----------


                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                    2012-11-13 23:32:48 162552 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                    2012-11-13 23:32:48 162552 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                    2012-11-13 23:32:48 162552 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                    2012-11-13 23:32:48 162552 ----a-w- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2008-01-21 02:47:00 225792]
                    "SonicWALLNetExtender"="C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-08-05 21:56:42 710528]
                    "Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 12:44:48 1833504]
                    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-11-25 12:44:00 6936096]
                    "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-12-18 00:56:44 140568]

                    ------- Supplementary Scan -------

                    uLocal Page = C:\Windows\system32\blank.htm
                    uStart Page = hxxp://www.startpagina.nl/
                    mLocal Page = C:\Windows\SysWOW64\blank.htm
                    uInternet Settings,ProxyOverride = *.local
                    IE: Add to AMV Convert Tool... - D:\MP4\AMVConverter\grab.html
                    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
                    IE: MediaManager tool grab multimedia file - D:\MP4\MediaManager\grab.html
                    Trusted Zone: coenbakker.nl\vpn
                    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.92.48.123:8081/activex/AMC.cab
                    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

                    - - - - ORPHANS REMOVED - - - -

                    Toolbar-10 - (no file)
                    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)



                    • #40
                      That's better.
                      How is startup going now?



                      • #41
                        Booting up to the desktop goes reasonably fast. After that it takes a while before the programs are loaded.
                        Time-wise it is not much different from before. It also still varies quite a bit: sometimes it hangs on a black screen for a long time right at startup, sometimes after entering the password, and sometimes when the desktop is already there.



                        • #42
                          Earlier you mentioned a startup time of 10 minutes.
                          I assume that is no longer the case?



                          • #43
                            Correct, it is somewhat faster. I'll keep an eye on it over the coming period, because after the first time you helped it also ran a bit faster for a while. Unfortunately that didn't last long.

                            Thanks in any case.



                            • #44
                              Fine.
                              Uninstall ComboFix. Go to "Start" - "Run" and type: Combofix /Uninstall
                              (Note the space between Combofix and /Uninstall)
                              Then press Enter.
                              This will remove ComboFix and all related folders and files.
