
Marito

Member
  • Items

    16
  • Registration date

  • Last visited

Everything posted by Marito

  1. It hasn't shut down again; hopefully it stays that way. In any case, thank you very much (in advance) for your trouble. Kind regards, Marito
  2. OK, this is the link: http://speccy.piriform.com/results/vAdcpRO3oLJVl4mSeySUWca
  3. Your instructions said this: "When no threats have been detected, click View detailed log after the scan." A threat was found and was removed; the log was then saved as "Mbam met bedreigingen" (Mbam with threats). After the clean-up another scan was run, and that log is called "Mbam zonder bedreigingen" (Mbam without threats). Mbam zonder bedreigingen.txt Mbam met bedreigingen.txt
  4. Here is the log. I've noticed that it has already happened 3 times while I had Handbrake open, maybe ???? zoek-results.txt
  5. Hi @iEscape, Thanks for your quick reply. Here is the little log file; hopefully it went well. log.txt
  6. Well, I've read something about this but found no solution. I get the message "U wordt nu afgemeld - Windows wordt over 1 minuut afgesloten" (You are now being logged off - Windows will shut down in 1 minute). And sure enough, the machine shuts down, which is very annoying. My PC runs ESET Smart Security, up to date, and it hasn't given any warning, nor has Windows Defender. Does anyone have experience with this? Help is very welcome, Marito
  7. Hi, It seems it doesn't happen any more; I'd like to thank you very much. Regards, Marito
  8. Hi, Sorry, I asked my question too early; I've done it now and this is the log:
ComboFix 12-01-23.02 - Mario 25-01-2012 20:46:00.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3037.1658 [GMT 1:00] Gestart vanuit: c:\users\Mario\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Mario\Desktop\CFScript.txt.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.ics . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))) . . 2012-01-25 19:52 . 2012-01-25 19:52 -------- d-----w- c:\users\Mario\AppData\Local\temp 2012-01-25 19:52 . 2012-01-25 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-25 14:41 . 2012-01-25 14:41 388096 ----a-r- c:\users\Mario\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-25 10:44 . 2012-01-25 10:44 -------- d-----w- c:\program files\Trend Micro 2012-01-25 08:02 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B2F88D1-4EC0-4FA6-B8B5-AEF6A39A431A}\mpengine.dll 2012-01-23 14:45 . 2012-01-23 14:45 -------- d-----w- c:\users\Mario\AppData\Local\PCStreams3 2012-01-23 14:45 . 2012-01-23 14:45 -------- d-----w- c:\programdata\PCStreams 2012-01-23 11:51 . 2012-01-23 11:51 -------- d-----w- c:\program files\PCStreams 2012-01-23 11:48 . 2012-01-23 11:48 -------- d-----w- c:\users\Mario\AppData\Roaming\Downloaded Installations 2012-01-17 22:53 . 2012-01-19 08:05 -------- d-----w- c:\users\Mario\AppData\Roaming\Obc 2012-01-17 22:53 . 
2012-01-18 23:05 -------- d-----w- c:\users\Mario\AppData\Roaming\Abe 2012-01-11 16:44 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 16:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll 2012-01-11 16:43 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 16:43 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll 2012-01-09 21:48 . 2012-01-12 22:16 -------- d-----w- c:\users\Mario\AppData\Local\sabnzbd 2012-01-08 22:03 . 2012-01-08 22:03 -------- d-----w- C:\TRIAL___RETRIBUTION_SEIZOEN_16_D 2012-01-03 21:29 . 2012-01-03 21:29 -------- d-----w- c:\users\Mario\AppData\Local\THWIT 2012-01-03 20:38 . 2012-01-03 20:38 -------- d-----w- c:\program files\Spotplanet Viewer 2012-01-03 20:06 . 2012-01-04 17:57 -------- d-----w- c:\program files\vShare.tv plugin 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2012-01-01 20:41 . 2012-01-01 20:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-01 20:41 . 2012-01-01 20:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-01 20:41 . 2012-01-01 20:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2012-01-01 20:41 . 2012-01-01 20:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 00:33 . 2011-12-27 00:33 -------- d-----w- c:\users\Mario\AppData\Local\LogMeIn 2011-12-27 00:33 . 2011-12-07 17:22 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2011-12-27 00:33 . 2011-12-07 17:22 30592 ----a-w- c:\windows\system32\LMIport.dll 2011-12-27 00:33 . 2011-12-07 17:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2011-12-27 00:33 . 2011-09-16 13:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2011-12-27 00:33 . 
2011-12-07 17:21 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-12-27 00:33 . 2012-01-25 07:55 -------- d-----w- c:\programdata\LogMeIn 2011-12-27 00:32 . 2011-12-27 00:36 -------- d-----w- c:\program files\LogMeIn . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-06 04:19 . 2010-08-28 07:51 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-05 10:10 . 2011-05-27 09:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-24 04:25 . 2011-12-15 14:48 2342912 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 04:26 . 2011-12-15 15:07 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-03 22:47 . 2011-12-16 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-11-03 22:40 . 2011-12-16 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-03 22:39 . 2011-12-16 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll 2011-11-03 22:31 . 2011-12-16 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-01-01 20:41 . 2011-10-25 20:47 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Mario\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKLM\~\startupfolder\C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] 2011-08-17 07:29 4527424 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2011-10-21 08:58 641400 ----a-w- c:\program files\uTorrent\uTorrent.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 netw5v32;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-09 47360] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1343400] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-29 232512] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-12-07 374152] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-29 5120] S3 NETw5s32;Intel® Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 33616] 
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = <local>;*.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 TCP: Interfaces\{9D808EDE-6D30-45EE-8302-27858964840D}: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\pcj9uwrs.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 28091 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-01-25 20:53:38 ComboFix-quarantined-files.txt 2012-01-25 19:53 ComboFix2.txt 2012-01-25 14:34 . Pre-Run: 115.246.452.736 bytes beschikbaar Post-Run: 115.192.872.960 bytes beschikbaar . - - End Of File - - 0E328F7856E97AF9E85762A5D3036E3F
  9. Hi, I've done the first part, but I don't understand the "save as CFScript" step: do I have to rename the Notepad file? And how do I drag the CFScript.txt onto Combofix.exe?
  10. Hi, Here are the logs:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:44:52, on 25-1-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Users\Mario\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - 
HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - Startup: Dropbox.lnk = Mario\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. 
- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 4444 bytes -------------------------------------------------------------------------------------- ComboFix 12-01-23.02 - Mario 25-01-2012 15:26:06.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3037.1483 [GMT 1:00] Gestart vanuit: c:\users\Mario\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\config.Bin c:\programdata\Windows c:\programdata\windows\dumd.dat c:\programdata\Windows\xdor.dat C:\romano.bin c:\users\Mario\AppData\Roaming\19ridof.log c:\users\Mario\AppData\Roaming\Adobe\plugs c:\users\Mario\AppData\Roaming\Adobe\shed c:\users\Mario\AppData\Roaming\inst.exe c:\users\Mario\AppData\Roaming\Microsoft\Windows\WTlUiETM0rmPBs.dat c:\users\Mario\AppData\Roaming\Microsoft\Windows\WTlUiETM0rmPBs.xtr c:\users\Mario\AppData\Roaming\Skype\wmplayer.exe c:\users\Mario\AppData\Roaming\vso_ts_preview.xml c:\windows\system32\drivers\etc\hosts.ics . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))) . . 2012-01-25 14:32 . 2012-01-25 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-25 14:21 . 2012-01-25 14:21 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B2F88D1-4EC0-4FA6-B8B5-AEF6A39A431A}\MpKsle596c4da.sys 2012-01-25 11:48 . 
2012-01-25 11:48 388096 ----a-r- c:\users\Mario\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-25 10:44 . 2012-01-25 10:44 -------- d-----w- c:\program files\Trend Micro 2012-01-25 08:02 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B2F88D1-4EC0-4FA6-B8B5-AEF6A39A431A}\mpengine.dll 2012-01-23 14:45 . 2012-01-23 14:45 -------- d-----w- c:\users\Mario\AppData\Local\PCStreams3 2012-01-23 14:45 . 2012-01-23 14:45 -------- d-----w- c:\programdata\PCStreams 2012-01-23 11:51 . 2012-01-23 11:51 -------- d-----w- c:\program files\PCStreams 2012-01-23 11:48 . 2012-01-23 11:48 -------- d-----w- c:\users\Mario\AppData\Roaming\Downloaded Installations 2012-01-17 22:53 . 2012-01-19 08:05 -------- d-----w- c:\users\Mario\AppData\Roaming\Obc 2012-01-17 22:53 . 2012-01-18 23:05 -------- d-----w- c:\users\Mario\AppData\Roaming\Abe 2012-01-11 16:44 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 16:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll 2012-01-11 16:43 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 16:43 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll 2012-01-09 21:48 . 2012-01-12 22:16 -------- d-----w- c:\users\Mario\AppData\Local\sabnzbd 2012-01-08 22:03 . 2012-01-08 22:03 -------- d-----w- C:\TRIAL___RETRIBUTION_SEIZOEN_16_D 2012-01-03 21:29 . 2012-01-03 21:29 -------- d-----w- c:\users\Mario\AppData\Local\THWIT 2012-01-03 20:38 . 2012-01-03 20:38 -------- d-----w- c:\program files\Spotplanet Viewer 2012-01-03 20:06 . 2012-01-04 17:57 -------- d-----w- c:\program files\vShare.tv plugin 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2012-01-01 20:41 . 
2012-01-01 20:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-01 20:41 . 2012-01-01 20:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-01 20:41 . 2012-01-01 20:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2012-01-01 20:41 . 2012-01-01 20:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 00:33 . 2011-12-27 00:33 -------- d-----w- c:\users\Mario\AppData\Local\LogMeIn 2011-12-27 00:33 . 2011-12-07 17:22 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2011-12-27 00:33 . 2011-12-07 17:22 30592 ----a-w- c:\windows\system32\LMIport.dll 2011-12-27 00:33 . 2011-12-07 17:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2011-12-27 00:33 . 2011-09-16 13:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2011-12-27 00:33 . 2011-12-07 17:21 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-12-27 00:33 . 2012-01-25 07:55 -------- d-----w- c:\programdata\LogMeIn 2011-12-27 00:32 . 2011-12-27 00:36 -------- d-----w- c:\program files\LogMeIn . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-06 04:19 . 2010-08-28 07:51 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-05 10:10 . 2011-05-27 09:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-24 04:25 . 2011-12-15 14:48 2342912 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 04:26 . 2011-12-15 15:07 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-03 22:47 . 2011-12-16 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-11-03 22:40 . 2011-12-16 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-03 22:39 . 2011-12-16 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll 2011-11-03 22:31 . 2011-12-16 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-01-01 20:41 . 
2011-10-25 20:47 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . 
c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Mario\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] 2011-08-17 07:29 4527424 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2011-10-21 08:58 641400 ----a-w- c:\program files\uTorrent\uTorrent.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 netw5v32;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-09 47360] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1343400] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-29 232512] S1 MpKsle596c4da;MpKsle596c4da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B2F88D1-4EC0-4FA6-B8B5-AEF6A39A431A}\MpKsle596c4da.sys [2012-01-25 29904] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-12-07 374152] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-29 5120] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] S3 NETw5s32;Intel® Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 33616] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSLE596C4DA . Inhoud van de 'Gedeelde Taken' map . . ------- Bijkomende Scan ------- . 
mStart Page = hxxp://startsear.ch/?aff=1&cf=eacb4182-2116-11e1-9df5-00235afdcd8d uInternet Settings,ProxyOverride = <local>;*.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 TCP: Interfaces\{9D808EDE-6D30-45EE-8302-27858964840D}: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\pcj9uwrs.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2cef8dd400000000000000235afdcd8d&tlver=1.4.35.10&affID=100474 FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 28091 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe MSConfigStartUp-Software - c:\program files\Software.com\Download Center\Download.exe MSConfigStartUp-SpotnetMonitor - c:\program files\RB\Spotnet Watchdog\SpotnetMonitor.exe AddRemove-Convert PDF To Image_is1 - c:\program files\Softinterface . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-01-25 15:34:58 ComboFix-quarantined-files.txt 2012-01-25 14:34 . 
Pre-Run: 117.907.947.520 bytes beschikbaar Post-Run: 118.020.128.768 bytes beschikbaar . - - End Of File - - 1649D406E6728F50CB6472550CCE93E5
  11. Hi, I too am stuck with that awful Babylon; I can't remove it. Since I've read that a HijackThis log is needed, I'm attaching it right away.[ATTACH]16127[/ATTACH] Thanks in advance for your trouble. Marito hijackthis.log