aaaido

Lid

Bekijk profiel Bekijk hun activiteit

Items
7
Registratiedatum
7 april 2012
Laatst bezocht
9 april 2012

aaaido's prestaties

Groentje (2/14)

Recente badges

Reputatie

Hijack log. voornamelijk probleem met text enhance

aaaido reageerde op aaaido's topic in Archief Bestrijding malware & virussen

Nogmaals dank voor jullie heldere en goede hulp
- 9 april 2012
- 13 antwoorden
Hijack log. voornamelijk probleem met text enhance

aaaido reageerde op aaaido's topic in Archief Bestrijding malware & virussen

Heb jullie advies opgevolgd en ook Service Pack 1 geinstalleerd. Hopen dat het nu allemaal clean blijft
- 9 april 2012
- 13 antwoorden
Hijack log. voornamelijk probleem met text enhance

aaaido reageerde op aaaido's topic in Archief Bestrijding malware & virussen

Opgelost Hartelijk bedankt voor de snelle hulp! Waardeer ik enorm
- 8 april 2012
- 13 antwoorden
Hijack log. voornamelijk probleem met text enhance

aaaido reageerde op aaaido's topic in Archief Bestrijding malware & virussen

ComboFix 12-04-07.03 - Bol 08-04-2012 21:31:38.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.4095.2442 [GMT 2:00] Gestart vanuit: c:\users\Bol\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Bol\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\codec-info c:\codec-info\codec_info.html c:\program files (x86)\Premiumplay Codec-C c:\program files (x86)\Premiumplay Codec-C\appAPIinternalWrapper.js c:\program files (x86)\Premiumplay Codec-C\fb.js c:\program files (x86)\Premiumplay Codec-C\jquery.js c:\program files (x86)\Premiumplay Codec-C\json.js c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.exe c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.ico c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.ini c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-CGui.exe c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-CInstaller.log c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe c:\programdata\Premium c:\users\Bol\AppData\Local\Premiumplay Codec-C c:\users\Bol\AppData\Local\Premiumplay Codec-C\Chrome\Premiumplay Codec-C.crx c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\burnlib.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\dsp_sps.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\enc_aacplus.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\enc_flac.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\enc_flake.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\enc_lame.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\enc_vorbis.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\enc_wav.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\enc_wma.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_crasher.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_dropbox.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_ff.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_hotkeys.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_jumpex.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_ml.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_orgler.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_tray.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\gen_undo.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_avi.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_cdda.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_dshow.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_flac.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_flv.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_linein.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_midi.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_mkv.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_mod.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_mp3.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_mp4.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_nsv.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_swf.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_vorbis.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_wav.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_wave.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_wm.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\in_wv.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_addons.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_autotag.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_bookmarks.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_dash.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_disc.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_history.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_impex.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_local.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_nowplaying.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_online.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_orb.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_playlists.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_plg.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_pmp.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_rg.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_transcode.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ml_wire.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\ombrowser.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\out_disk.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\out_ds.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\out_wave.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\playlist.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\pmp_activesync.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\pmp_ipod.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\pmp_njb.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\pmp_p4s.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\pmp_usb.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\tagz.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\vis_avs.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\vis_milk2.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\vis_nsfs.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\winamp.lng c:\users\Bol\AppData\Local\Temp\WLZB0C7.tmp\winampa.lng c:\users\Bol\AppData\Roaming\jdv50pd.log c:\windows\SysWow64\dll . . (((((((((((((((((((( Bestanden Gemaakt van 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))) . . 2012-04-08 19:46 . 2012-04-08 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-08 10:12 . 2012-04-08 10:12 -------- d-----w- c:\users\Bol\AppData\Roaming\Malwarebytes 2012-04-08 10:12 . 2012-04-08 10:12 -------- d-----w- c:\programdata\Malwarebytes 2012-04-08 10:12 . 2012-04-08 10:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-08 10:12 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-05 20:33 . 2012-04-05 20:33 -------- d-----w- c:\program files\Microsoft Silverlight 2012-04-05 20:33 . 2012-04-05 20:33 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-04-05 20:27 . 2012-04-05 20:27 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-04-05 20:27 . 2012-04-05 20:27 -------- d-----w- c:\program files (x86)\Java 2012-04-05 20:02 . 2012-04-05 20:02 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-04-05 20:02 . 2012-04-05 20:02 -------- d-----w- c:\windows\system32\wbem\en-US 2012-04-05 19:16 . 2012-04-05 19:16 -------- d--h--w- c:\windows\msdownld.tmp 2012-04-05 19:13 . 2012-04-05 19:13 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2012-03-31 15:10 . 2012-03-31 15:10 -------- d-----w- c:\programdata\InstallMate 2012-03-18 14:31 . 2012-03-18 14:31 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-18 14:31 . 2012-03-18 14:31 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-05 20:27 . 2011-05-02 22:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-27 07:30 . 2011-09-28 08:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((( SnapShot@2012-04-08_12.19.46 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-04-08 19:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-04-08 12:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-04-08 19:48 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-04-08 12:19 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-04-08 12:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-04-08 19:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-06-08 18:17 . 2012-04-08 19:27 53254 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-04-08 19:27 30652 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-06-08 17:43 . 2012-04-08 19:27 14858 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3257472996-498828906-1456225210-1001_UserData.bin + 2012-04-08 19:48 . 2012-04-08 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-04-08 12:18 . 2012-04-08 12:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-04-08 12:18 . 2012-04-08 12:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-04-08 19:48 . 2012-04-08 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 09:16 . 2012-04-08 10:28 701326 c:\windows\system32\perfh013.dat + 2009-07-14 09:16 . 2012-04-08 19:31 701326 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-04-08 10:28 615810 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-04-08 19:31 615810 c:\windows\system32\perfh009.dat + 2009-07-14 09:16 . 2012-04-08 19:31 133358 c:\windows\system32\perfc013.dat - 2009-07-14 09:16 . 2012-04-08 10:28 133358 c:\windows\system32\perfc013.dat - 2009-07-14 02:36 . 2012-04-08 10:28 106190 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-04-08 19:31 106190 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-04-08 12:17 471216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-04-08 19:46 471216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 02:34 . 2012-04-05 22:06 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2012-04-08 13:26 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496] "Facebook Update"="c:\users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-07 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-29 393616] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Bol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Bol\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\permham] c:\windows\system32\config\systemprofile\AppData\Local\permham.dll [bU] . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176] R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files (x86)\Icecast2 Win32\icecastService.exe [2008-05-24 417792] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176] R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RDID1098;UA-1G;c:\windows\system32\Drivers\rdwm1098.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 5009920] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 RL_DJIF;usb-audio.de driver for Reloop Digital Jockey Interface;c:\windows\system32\Drivers\rldjifu.sys [x] S3 RL_DJIF_WDM;Digital Jockey Interface WDM Audio;c:\windows\system32\drivers\rldjifa.sys [x] S3 RL_DJIFM;Digital Jockey Interface WDM Midi Device;c:\windows\system32\drivers\rldjifm.sys [x] S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2012-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3257472996-498828906-1456225210-1001Core.job - c:\users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 20:59] . 2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3257472996-498828906-1456225210-1001UA.job - c:\users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 20:59] . 2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 06:15] . 2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Bol\AppData\Roaming\Mozilla\Firefox\Profiles\nakyz3wh.default\ FF - prefs.js: keyword.URL - hxxp://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=5iQMwxPL&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 54848 FF - prefs.js: network.proxy.type - 4 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3257472996-498828906-1456225210-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95E213F9-F738-5AB1-602D-D175B6F86448}*] "iahcddpeamihmmmepo"=hex:6a,61,6c,62,63,69,6d,66,62,6b,64,66,6a,66,61,64,6d,6e, 67,63,00,00 "hanjfnjhgnbopaod"=hex:6a,61,6c,62,6f,6c,61,62,6b,65,70,65,6f,6f,66,6f,62,6e, 6a,64,00,00 "ialdggdpmdecigniik"=hex:63,61,66,62,69,6c,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\programdata\TVersity\Media Server\MediaServer.exe . ************************************************************************** . Voltooingstijd: 2012-04-08 22:01:53 - machine werd herstart ComboFix-quarantined-files.txt 2012-04-08 20:01 ComboFix2.txt 2012-04-08 12:26 . Pre-Run: 109.330.325.504 bytes beschikbaar Post-Run: 109.025.468.416 bytes beschikbaar . - - End Of File - - D64047F03F274A80A101B33710ECED78
- 8 april 2012
- 13 antwoorden
Hijack log. voornamelijk probleem met text enhance

aaaido reageerde op aaaido's topic in Archief Bestrijding malware & virussen

ComboFix 12-04-07.03 - Bol 08-04-2012 14:05:38.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.4095.2157 [GMT 2:00] Gestart vanuit: c:\users\Bol\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\config.bin c:\config.bin\F64584268A22527 c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\burnlib.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\dsp_sps.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\enc_aacplus.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\enc_flac.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\enc_flake.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\enc_lame.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\enc_vorbis.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\enc_wav.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\enc_wma.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_crasher.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_dropbox.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_ff.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_hotkeys.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_jumpex.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_ml.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_orgler.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_tray.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\gen_undo.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_avi.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_cdda.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_dshow.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_flac.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_flv.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_linein.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_midi.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_mkv.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_mod.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_mp3.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_mp4.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_nsv.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_swf.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_vorbis.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_wav.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_wave.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_wm.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\in_wv.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_addons.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_autotag.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_bookmarks.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_dash.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_disc.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_history.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_impex.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_local.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_nowplaying.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_online.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_orb.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_playlists.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_plg.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_pmp.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_rg.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_transcode.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ml_wire.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\ombrowser.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\out_disk.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\out_ds.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\out_wave.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\playlist.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\pmp_activesync.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\pmp_ipod.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\pmp_njb.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\pmp_p4s.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\pmp_usb.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\tagz.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\vis_avs.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\vis_milk2.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\vis_nsfs.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\winamp.lng c:\users\Bol\AppData\Local\Temp\WLZACB3.tmp\winampa.lng c:\users\Bol\AppData\Roaming\Adobe\plugs c:\users\Bol\AppData\Roaming\Adobe\shed c:\users\Bol\AppData\Roaming\rw1mvu68.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))) . . 2012-04-08 12:17 . 2012-04-08 12:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-08 10:12 . 2012-04-08 10:12 -------- d-----w- c:\users\Bol\AppData\Roaming\Malwarebytes 2012-04-08 10:12 . 2012-04-08 10:12 -------- d-----w- c:\programdata\Malwarebytes 2012-04-08 10:12 . 2012-04-08 10:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-08 10:12 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-05 20:33 . 2012-04-05 20:33 -------- d-----w- c:\program files\Microsoft Silverlight 2012-04-05 20:33 . 2012-04-05 20:33 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-04-05 20:27 . 2012-04-05 20:27 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-04-05 20:27 . 2012-04-05 20:27 -------- d-----w- c:\program files (x86)\Java 2012-04-05 20:02 . 2012-04-05 20:02 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-04-05 20:02 . 2012-04-05 20:02 -------- d-----w- c:\windows\system32\wbem\en-US 2012-04-05 19:16 . 2012-04-05 19:16 -------- d--h--w- c:\windows\msdownld.tmp 2012-04-05 19:13 . 2012-04-05 19:13 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2012-03-31 15:10 . 2012-03-31 15:10 -------- d-----w- c:\programdata\Premium 2012-03-31 15:10 . 2012-03-31 15:10 -------- d-----w- c:\users\Bol\AppData\Local\Premiumplay Codec-C 2012-03-31 15:10 . 2012-03-31 15:10 -------- d-----w- c:\program files (x86)\Premiumplay Codec-C 2012-03-31 15:10 . 2012-03-31 15:10 -------- d-----w- C:\codec-info 2012-03-31 15:10 . 2012-03-31 15:10 -------- d-----w- c:\programdata\InstallMate 2012-03-18 14:31 . 2012-03-18 14:31 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-18 14:31 . 2012-03-18 14:31 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-05 20:27 . 2011-05-02 22:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-27 07:30 . 2011-09-28 08:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496] "Facebook Update"="c:\users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-07 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-29 393616] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Bol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Bol\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176] R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RDID1098;UA-1G;c:\windows\system32\Drivers\rdwm1098.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files (x86)\Icecast2 Win32\icecastService.exe [2008-05-24 417792] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 5009920] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 RL_DJIF;usb-audio.de driver for Reloop Digital Jockey Interface;c:\windows\system32\Drivers\rldjifu.sys [x] S3 RL_DJIF_WDM;Digital Jockey Interface WDM Audio;c:\windows\system32\drivers\rldjifa.sys [x] S3 RL_DJIFM;Digital Jockey Interface WDM Midi Device;c:\windows\system32\drivers\rldjifm.sys [x] S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2012-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3257472996-498828906-1456225210-1001Core.job - c:\users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 20:59] . 2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3257472996-498828906-1456225210-1001UA.job - c:\users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 20:59] . 2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 06:15] . 2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Bol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Bol\AppData\Roaming\Mozilla\Firefox\Profiles\nakyz3wh.default\ FF - prefs.js: keyword.URL - hxxp://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=5iQMwxPL&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 54848 FF - prefs.js: network.proxy.type - 4 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 68371fdc000000000000001fe254bbdb FF - user.js: extensions.BabylonToolbar_i.hardId - 68371fdc000000000000001fe254bbdb FF - user.js: extensions.BabylonToolbar_i.instlDay - 15361 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:32 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . Notify-permham - c:\windows\system32\config\systemprofile\AppData\Local\permham.dll AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE AddRemove-RD - c:\users\Bol\Desktop\VST\RD\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3257472996-498828906-1456225210-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95E213F9-F738-5AB1-602D-D175B6F86448}*] "iahcddpeamihmmmepo"=hex:6a,61,6c,62,63,69,6d,66,62,6b,64,66,6a,66,61,64,6d,6e, 67,63,00,00 "hanjfnjhgnbopaod"=hex:6a,61,6c,62,6f,6c,61,62,6b,65,70,65,6f,6f,66,6f,62,6e, 6a,64,00,00 "ialdggdpmdecigniik"=hex:63,61,66,62,69,6c,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\programdata\TVersity\Media Server\MediaServer.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files (x86)\Logitech\LWS\LU\***nchr.exe c:\program files (x86)\Logitech\LWS\LU\LogitechUpdate.exe . ************************************************************************** . Voltooingstijd: 2012-04-08 14:26:53 - machine werd herstart ComboFix-quarantined-files.txt 2012-04-08 12:26 . Pre-Run: 108.623.294.464 bytes beschikbaar Post-Run: 109.273.673.728 bytes beschikbaar . - - End Of File - - 68B6AA65B5A768D5224468F0C6E3E6DB Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:33:46, on 8-4-2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Users\Bol\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Logitech\LWS\LU\***nchr.exe C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe C:\Users\Bol\Desktop\HijackThis (1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - Startup: Dropbox.lnk = Bol\AppData\Roaming\Dropbox\bin\Dropbox.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: permham - C:\Windows\system32\config\systemprofile\AppData\Local\permham.dll (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files (x86)\Icecast2 Win32\icecastService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10228 bytes
- 8 april 2012
- 13 antwoorden
Hijack log. voornamelijk probleem met text enhance

aaaido reageerde op aaaido's topic in Archief Bestrijding malware & virussen

Dat dacht ik al.... Hierbij Hijack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:26:07, on 8-4-2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Users\Bol\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bol\Downloads\HijackThis (1).exe C:\Program Files (x86)\Logitech\LWS\LU\***nchr.exe C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: CrossriderApp0000435 - {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - Startup: Dropbox.lnk = Bol\AppData\Roaming\Dropbox\bin\Dropbox.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: permham - C:\Windows\system32\config\systemprofile\AppData\Local\permham.dll (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files (x86)\Icecast2 Win32\icecastService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11630 bytes Mallware log: Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.04.08.02 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Bol :: BOL-PC [administrator] 8-4-2012 12:12:58 mbam-log-2012-04-08 (12-12-58).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 207438 Verstreken tijd: 7 minuut/minuten, 49 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Audio HD Driver (Trojan.Downloader) -> Data: C:\Users\Bol\AppData\Local\Temp\SystemDriver.exe -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:54848 -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 7 C:\Users\Bol\AppData\Local\Temp\4124385.Uninstall\Uninstall.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Bol\Downloads\Codec-C.exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Bol\Downloads\FLVPlayerSetup.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Bol\Downloads\MusicConverterSetup.exe (Adware.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Bol\AppData\Roaming\System\svchost.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Bol\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Bol\AppData\Roaming\Adobe\plugs\mmc149.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)
- 8 april 2012
- 13 antwoorden
Hijack log. voornamelijk probleem met text enhance

aaaido plaatste een topic in Archief Bestrijding malware & virussen

Ik heb voornamelijk problemen met text enhance. Mogelijk is er nog meer mis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:26:34, on 7-4-2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\PC Tools Security\pctsGui.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Users\Bol\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Logitech\LWS\LU\***nchr.exe C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe C:\Program Files (x86)\Winamp\winamp.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bol\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54848 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: CrossriderApp0000435 - {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Audio HD Driver] C:\Users\Bol\AppData\Local\Temp\SystemDriver.exe O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode O4 - HKCU\..\Run: [Ltorup] rundll32.exe "C:\Users\Bol\AppData\Local\bcosel9.dll",Startup O4 - HKCU\..\Run: [scfpwb] C:\Users\Bol\AppData\Roaming\b2l0zj6.exe O4 - HKCU\..\Run: [Local Account Service] C:\Users\Bol\AppData\Roaming\lssas.exe O4 - HKCU\..\Run: [mslivemsn] C:\Users\Bol\AppData\Local\Temp\ncdgdnx\svchost.exe O4 - HKCU\..\Run: [office] "C:\Windows\system32\rundll32.exe" C:\Users\Bol\AppData\Local\Temp\101821.dll,S O4 - HKCU\..\Run: [{01C9C50F-20E9-0EF4-9CC5-0A72D6270B87}] C:\Users\Bol\AppData\Roaming\Izoxeb\igdi.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Bol\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - Startup: Dropbox.lnk = Bol\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: permham - C:\Windows\system32\config\systemprofile\AppData\Local\permham.dll (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files (x86)\Icecast2 Win32\icecastService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13136 bytes
- 7 april 2012
- 13 antwoorden

Inloggen

aaaido

Items

Registratiedatum

Laatst bezocht

aaaido's prestaties

Groentje (2/14)

Recente badges

Reputatie

Hijack log. voornamelijk probleem met text enhance

Hijack log. voornamelijk probleem met text enhance

Hijack log. voornamelijk probleem met text enhance

Hijack log. voornamelijk probleem met text enhance

Hijack log. voornamelijk probleem met text enhance

Hijack log. voornamelijk probleem met text enhance

Hijack log. voornamelijk probleem met text enhance

OVER ONS

SITEMAP

Home

Info

Handleidingen & Tips

Activiteit

Belangrijke informatie