Ga naar inhoud

Mark Baerveldt

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    23

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door Mark Baerveldt

  1. Mark Baerveldt
    Het lijkt een stuk beter. Een spel wat ik eerst niet gestart meer kreeg lijkt het weer te doen. Ook is de computer minder traag voor mijn gevoel
  2. Mark Baerveldt
    Bijgaand Combofix Logbestand ComboFix 13-03-13.02 - Mark 13-03-2013 20:52:26.2.2 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4061.3405 [GMT 1:00] Gestart vanuit: c:\users\Mark\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Intel0\qpqpdndnn.exe c:\users\Mark\AppData\Roaming\inst.exe c:\users\Mark\AppData\Roaming\vso_ts_preview.xml c:\users\Mark\Steam_Client.exe c:\windows\msvcr71.dll c:\windows\SysWow64\muzapp.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))) . . 2013-03-13 20:00 . 2013-03-13 20:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-12 15:52 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC7BC3C2-7BBC-4625-A88E-23CB02B174EC}\mpengine.dll 2013-03-10 09:22 . 2013-03-13 19:59 -------- d-sh--w- c:\programdata\Intel0 2013-02-17 07:33 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-17 07:33 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-17 07:28 . 2013-01-09 01:13 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2013-02-17 07:28 . 2013-01-08 22:04 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll 2013-02-17 07:28 . 2013-01-08 22:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2013-02-17 07:28 . 2013-01-09 01:14 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-02-17 07:28 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll 2013-02-17 07:28 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-02-15 18:58 . 2013-02-15 18:58 106088 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-13 18:22 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 18:22 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 18:22 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 18:21 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 18:21 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 18:21 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 18:21 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 18:21 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 18:21 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 18:21 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 18:21 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 18:21 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-17 07:39 . 2010-07-10 16:27 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2010-07-10 13:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 18:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-21 21:33 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 21:33 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 21:33 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 21:33 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll 2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2010-11-20 3365176] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-03-02 273544] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-08-17 737104] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Mark\Desktop\Run\a2ddax64.sys [2012-08-11 23208] R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768] R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528] R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552] R2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 119632] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144] R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 20552] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RTL8187B;Realtek RTL8187B 802.11b/g 54 Mbps draadloze USB 2.0-netwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-10 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 ***laby;***laby;c:\windows\system32\DRIVERS\***laby.sys [2009-06-18 15928] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128] . . Inhoud van de 'Gedeelde Taken' map . 2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1293247725-2620836413-3812038035-1000Core.job - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 17:39] . 2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1293247725-2620836413-3812038035-1000UA.job - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 17:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Wow6432Node-HKCU-Run-Intel Common User Interface - c:\programdata\Intel0\qpqpdndnn.exe Wow6432Node-HKLM-Run-Intel Common User Interface - c:\programdata\Intel0\qpqpdndnn.exe WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{0B7430E9-E659-4555-AC67-BE3340AAA519} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1293247725-2620836413-3812038035-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13FAFFAE-1468-8859-3799-1FEFB9F9EF40}*] @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-03-13 21:03:14 ComboFix-quarantined-files.txt 2013-03-13 20:03 ComboFix2.txt 2012-08-12 19:00 . Pre-Run: 61.603.713.024 bytes beschikbaar Post-Run: 61.110.194.176 bytes beschikbaar . - - End Of File - - 780BF8A3E41A6DFA5620B4955A852E05
  3. Mark Baerveldt
    Nou via de veilige modus is het denk ik gelukt. Zie onderstaand. Scan saved at 19:14:15, on 12-3-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Safe mode with network support Running processes: C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\Downloads\HijackThis (1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [intel Common User Interface] C:\ProgramData\Intel0\qpqpdndnn.exe O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [intel Common User Interface] C:\ProgramData\Intel0\qpqpdndnn.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (file missing) O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11119 bytes
  4. Mark Baerveldt
    Ja precies gedaan zoals in de handleiding. Zo moeilijk kan het installeren niet zijn.
  5. Mark Baerveldt
    Klinkt heel stom maar als ik HI Jack. msi hebt geinstalleerd krijg ik de melding bij het opstarten als administrator dat het exe.bestand niet gevonden kan worden. Help !
  6. Mark Baerveldt
    Mijn computer loopt niet zoals ik wil, virusscanner ziet niets maar toch wil ik hem eens laten controleren. Wat moet ik aanleveren ?
  7. Mark Baerveldt
    Inloggegevens buitgemaakt door Dorifel | nu.nl/internet | Het laatste nieuws het eerst op nu.nl Hoi Mako, Ik laat het er verder bij zitten dit is te hogeschool voor mij tevens zijn de ip adressen volgens bijgaand stuk geblokkeerd door de providers.
  8. Mark Baerveldt
    Hoi Mako, Ik heb voor het inloggen op de router een gebruikersnaam en ww nodig en ik heb alleen geen idee wat dit is of waar ik dit vind. Mijn internet provider is UPC
  9. Mark Baerveldt
    Hoi Mako, Hoe kan ik dit zien dan ? en blokkeren ?
  10. Mark Baerveldt
    Hoi Mako, Hartelijk bedankt zover, ik zal het vanavond proberen of het lukt. Werkt dit hetzelfde voor domeinnamen ?
  11. Mark Baerveldt
    Hoi, Het gaat om het volgende artikel Nieuwe servers in Dorifelnetwerk ontdekt | nu.nl/internet | Het laatste nieuws het eerst op nu.nl Ik heb zelf Eset Anti Virus, weet niet of dat ook de firewall is mijn partner gebruik mcafee weet niet of dat ook tevens firewall is Tevens heb ik gelezen dat het via een hosts bestand kan ? Bedankt.
  12. Mark Baerveldt
    Hoi, Volgens een nieuwsbericht hedenmorgen zijn er twee nieuwe dorifel malwareservers ontdekt. Er wordt aangeraden deze IP adressen te blokkeren. Kunnen jullie mij dit stap voor stap uileggen hoe dit moet. Vriendelijk bedankt.
  13. Mark Baerveldt
    Oke hartelijk bedankt voor je deskundige hulp. Ik kwam er zelf niet meer uit. Ik zal in de toekomst regelmatig de software voor virussen en malware regelmatig gebruiken en mocht ik wat geks tegenkomen zal ik zeker hier nog eens terugkomen. Keep up the good work, many many thanks.
  14. Mark Baerveldt
    Hoi Kape, Combofix verwijderd, CC cleaner gebruikt. Is het mogelijk om de emergency kit scanner gewoon te blijven gebruiken ? Is nu alles ( inclusief internetbankieren ) weer veilig te gebruiken ?
  15. Mark Baerveldt
    Heb je nu nog wat nodig ? Is alles opgelost nu ? Zijn alle virus nu er vanaf ? heb je nog advies voor toekomst ? Kan ik alle software op laptop laten staan ?
  16. Mark Baerveldt
    Hoi Kape, Bestand Found000 verwijderd, Tevens Eset scan als beheerder gedaan. Zie bijgevoegd logbestand. Logboek wordt gescand Versie van database viruskenmerken: 7381 (20120813) Datum: 13-8-2012 Tijd: 19:17:54 Gescande schijven, mappen en bestanden: Werkgeheugen;Opstartsector;C:\Opstartsector;C:\;D:\Opstartsector;D:\ C:\hiberfil.sys - fout tijdens openen [4] C:\pagefile.sys - fout tijdens openen [4] C:\Boot\BCD - fout tijdens openen [4] C:\Boot\BCD.LOG - fout tijdens openen [4] C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = PROCESS_LIBRARY.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = HIRING_REQUISITION_CUSTOMIZED.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = HIRING_REQUISITION.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = TRACK_ISSUES.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = POLICIES.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files\Enigma Software Group\SpyHunter\SHDS.mht = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Common Files\Wise Installation Wizard\WISF896D02690164122B9BD957FF092FFE9_4_9_12_4023.MSI = MSI = Cabs.w1.cab = CAB = SHDS.mht = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt = MIME - is OK (geen interne scan uitgevoerd) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - fout tijdens openen [4] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - fout tijdens openen [4] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - fout tijdens openen [4] C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - fout tijdens openen [4] C:\System Volume Information\Syscache.hve - fout tijdens openen [4] C:\System Volume Information\Syscache.hve.LOG1 - fout tijdens openen [4] C:\System Volume Information\Syscache.hve.LOG2 - fout tijdens openen [4] C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - fout tijdens openen [4] C:\System Volume Information\{d181cab6-e449-11e1-a72b-485b39398f45}{3808876b-c176-4e48-b7ae-04046e6cc752} - fout tijdens openen [4] C:\System Volume Information\{fd2cb406-e4b1-11e1-87de-485b39398f45}{3808876b-c176-4e48-b7ae-04046e6cc752} - fout tijdens openen [4] C:\System Volume Information\{fd2cb446-e4b1-11e1-87de-485b39398f45}{3808876b-c176-4e48-b7ae-04046e6cc752} - fout tijdens openen [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - fout tijdens openen [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - fout tijdens openen [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - fout tijdens openen [4] C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - fout tijdens openen [4] C:\Users\Mark\NTUSER.DAT - fout tijdens openen [4] C:\Users\Mark\ntuser.dat.LOG1 - fout tijdens openen [4] C:\Users\Mark\ntuser.dat.LOG2 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateHelper.msi = MSI = required.cab = CAB - fout bij lezen van archief C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml = MIME - is OK (geen interne scan uitgevoerd) C:\Users\Mark\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\3856428C-00000001.eml = MIME - is OK (geen interne scan uitgevoerd) C:\Users\Mark\AppData\Roaming\GrabIt\Temp\ktr.sas.12.07.27.charisma.cappelli.rar = RAR = - archief beschadigd C:\Users\Mark\AppData\Roaming\GrabIt\Temp\pr0n.120727.rar = RAR = pr0n.120727.mp4 - archief beschadigd C:\Users\Mark\Documents\LimeWire\Saved\16_Horsepower_-_Live_March_2001_(2008)_320Kbit\16 Horsepower - Live March 2001 (2008) 320Kbit.part1.rar = RAR = 16 Horsepower - Live March 2001 (2008) 320Kbit\103 wayfaring stranger.mp3 - volgend archiefvolume niet gevonden C:\Users\Mark\Documents\LimeWire\Saved\Dubliners_-_Live_in_carre\Dubliners - Live in carre.part1.rar = RAR = 04 - Building up and tearing england down.mp3 - volgend archiefvolume niet gevonden C:\Users\Mark\Documents\LimeWire\Saved\Ilse_DeLange_-_Live\Ilse DeLange - Live.part1.rar = RAR = Ilse DeLange - Live\cd1\Ilse de Lange - Live - 105 - Livin' On Love.mp3 - volgend archiefvolume niet gevonden C:\Users\Mark\Downloads\chromeinstall-7u5 (1).exe = CAB = jusched - archief beschadigd. Het bestand kon niet worden uitgepakt. C:\Users\Mark\Downloads\chromeinstall-7u5 (1).exe = CAB = task.xml - archief beschadigd. Het bestand kon niet worden uitgepakt. C:\Users\Mark\Downloads\chromeinstall-7u5 (1).exe = CAB = task64.xml - archief beschadigd. Het bestand kon niet worden uitgepakt. C:\Users\Mark\Downloads\chromeinstall-7u5.exe = CAB = jusched - archief beschadigd. Het bestand kon niet worden uitgepakt. C:\Users\Mark\Downloads\chromeinstall-7u5.exe = CAB = task.xml - archief beschadigd. Het bestand kon niet worden uitgepakt. C:\Users\Mark\Downloads\chromeinstall-7u5.exe = CAB = task64.xml - archief beschadigd. Het bestand kon niet worden uitgepakt. C:\Windows\Installer\abe62.msi = MSI = Cabs.w1.cab = CAB = SHDS.mht = MIME - is OK (geen interne scan uitgevoerd) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\db.mdb - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\edb.log - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\tmp.edb - fout tijdens openen [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - fout tijdens openen [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - fout tijdens openen [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - fout tijdens openen [4] C:\Windows\System32\catroot2\edb.log - fout tijdens openen [4] C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - fout tijdens openen [4] C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - fout tijdens openen [4] D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 14.zip = ZIP = C\Users\Mark\Documents\LimeWire\Saved\16_Horsepower_-_Live_March_2001_(2008)_320Kbit\16 Horsepower - Live March 2001 (2008) 320Kbit.part1.rar = RAR = 16 Horsepower - Live March 2001 (2008) 320Kbit\103 wayfaring stranger.mp3 - volgend archiefvolume niet gevonden D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 28.zip = ZIP = C\Users\Mark\Documents\LimeWire\Saved\Armin van Buuren\13 - Armin Van Buuren - Full Focus.mp3 - fout bij lezen van archief D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 5.zip = ZIP = C\Users\Mark\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateHelper.msi = MSI = required.cab = CAB - fout bij lezen van archief D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 5.zip = ZIP = C\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml = MIME - is OK (geen interne scan uitgevoerd) D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 5.zip = ZIP = C\Users\Mark\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\3856428C-00000001.eml = MIME - is OK (geen interne scan uitgevoerd) D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 7.zip = ZIP = C\Users\Mark\Downloads\chromeinstall-7u5 (1).exe = CAB = jusched - archief beschadigd. Het bestand kon niet worden uitgepakt. D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 7.zip = ZIP = C\Users\Mark\Downloads\chromeinstall-7u5 (1).exe = CAB = task.xml - archief beschadigd. Het bestand kon niet worden uitgepakt. D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 7.zip = ZIP = C\Users\Mark\Downloads\chromeinstall-7u5 (1).exe = CAB = task64.xml - archief beschadigd. Het bestand kon niet worden uitgepakt. D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 7.zip = ZIP = C\Users\Mark\Downloads\chromeinstall-7u5.exe = CAB = jusched - archief beschadigd. Het bestand kon niet worden uitgepakt. D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 7.zip = ZIP = C\Users\Mark\Downloads\chromeinstall-7u5.exe = CAB = task.xml - archief beschadigd. Het bestand kon niet worden uitgepakt. D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 202537\Backup files 7.zip = ZIP = C\Users\Mark\Downloads\chromeinstall-7u5.exe = CAB = task64.xml - archief beschadigd. Het bestand kon niet worden uitgepakt. D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 212434\Backup files 10.zip = ZIP = C\Users\Mark\Documents\LimeWire\Saved\Dubliners_-_Live_in_carre\Dubliners - Live in carre.part1.rar = RAR = 04 - Building up and tearing england down.mp3 - volgend archiefvolume niet gevonden D:\MARK-PC\Backup Set 2012-08-12 202537\Backup Files 2012-08-12 212434\Backup files 29.zip = ZIP = C\Users\Mark\Documents\LimeWire\Saved\Ilse_DeLange_-_Live\Ilse DeLange - Live.part1.rar = RAR = Ilse DeLange - Live\cd1\Ilse de Lange - Live - 105 - Livin' On Love.mp3 - volgend archiefvolume niet gevonden Aantal gescande objecten: 708872 Aantal gevonden bedreigingen: 0 Tijdstip van voltooiing: 21:12:19 Totale scantijd: 6865 sec. (01:54:25) Opmerkingen: [4] Het object kan niet worden geopend. Het wordt mogelijk gebruikt door een ander programma of het besturingssysteem. Zie jij nog gekke dingen in dit logbestand ?
  17. Mark Baerveldt
    Hoi Kape, Ik heb de 3 bestanden manueel verwijderd en mijn prullenbak geleegd. Ik heb found 001 en 002 verwijderd, maar ik heb ook found 000 op mijn computer staan moet deze niet verwijderd worden ? Bijgaand ook logbestand van de emergency kit scanner Emsisoft Emergency Kit - Versie 2.0 Laatste Update: 13-8-2012 16:28:23 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\ Scan archieven: Aan ADS Scan: Aan Scan gestart: 13-8-2012 16:29:05 Key: hkey_current_user\software\imesh Ontdekt: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh --> lastopenfiledir Ontdekt: Trace.Registry.imesh!E1 Gescand 599529 Gevonden 2 Scan geëindigd: 13-8-2012 17:58:03 Scantijd: 1:28:58 Key: hkey_current_user\software\imesh Verwijderd Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh --> lastopenfiledir Verwijderd Trace.Registry.imesh!E1 Verwijderd 2
  18. Mark Baerveldt
    Hoi Kape, Bijgaand logbestand door combofix. ComboFix 12-08-10.02 - Mark 12-08-2012 20:37:15.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4061.2251 [GMT 2:00] Gestart vanuit: c:\users\Mark\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\ASPG_icon.ico c:\programdata\FullRemove.exe c:\users\Mark\AppData\Local\TempDIR . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))) . . 2012-08-12 18:53 . 2012-08-12 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-12 06:46 . 2012-08-12 06:46 -------- d-----w- C:\found.002 2012-08-10 17:24 . 2012-08-10 17:24 -------- d-----w- c:\program files\CCleaner 2012-08-10 13:28 . 2012-08-10 13:28 388096 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-10 13:28 . 2012-08-10 13:28 -------- d-----w- c:\program files (x86)\Trend Micro 2012-08-10 13:17 . 2012-08-10 13:17 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes 2012-08-10 13:17 . 2012-08-10 13:17 -------- d-----w- c:\programdata\Malwarebytes 2012-08-10 13:17 . 2012-08-10 13:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-10 13:17 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-10 13:10 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CC30F0B-6FF8-46C3-92C8-8FF360BDF0ED}\mpengine.dll 2012-08-03 17:38 . 2012-08-03 17:38 -------- d-----w- c:\users\Mark\AppData\Local\Apps 2012-08-03 17:38 . 2012-08-03 17:39 -------- d-----w- c:\users\Mark\AppData\Local\Deployment 2012-08-03 13:09 . 2012-08-03 13:09 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe 2012-08-03 13:09 . 2012-08-03 13:09 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe 2012-08-03 13:09 . 2012-08-03 13:09 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe 2012-08-03 13:09 . 2012-08-03 13:10 -------- d-----w- C:\sh4ldr 2012-08-03 13:09 . 2012-08-03 13:09 -------- d-----w- c:\program files\Enigma Software Group 2012-08-03 13:08 . 2012-08-03 13:09 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-08-03 13:08 . 2012-08-03 13:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-08-03 08:37 . 2012-08-03 08:37 -------- d-----w- C:\found.001 2012-08-01 17:04 . 2012-08-05 15:45 -------- d-----w- c:\users\Mark\AppData\Roaming\Pro Cycling Manager 2012 2012-08-01 16:41 . 2012-08-01 18:19 -------- d-----w- c:\program files (x86)\Cyanide 2012-08-01 16:21 . 2012-08-01 16:32 -------- d-----w- c:\users\Mark\AppData\Local\QuickPar . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-13 15:06 . 2010-07-10 16:27 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-12 03:08 . 2012-07-13 15:30 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-12 16:35 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-08 13:16 . 2012-06-08 13:16 350208 ----a-w- c:\windows\SysWow64\d3drm.dll 2012-06-06 06:06 . 2012-07-12 16:35 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-12 16:35 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-12 16:34 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-12 16:35 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-12 16:35 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-12 16:34 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-22 14:44 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 14:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 14:45 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 14:45 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 14:44 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 14:45 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 14:44 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-22 14:44 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-22 14:44 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-12 16:34 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-12 16:34 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-12 16:34 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-12 16:34 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-12 16:34 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-12 16:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-12 16:34 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-12 16:34 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-12 16:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 10:25 . 2010-07-10 13:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll 2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2010-11-20 3365176] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-03-02 273544] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-08-17 737104] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Mark\Downloads\Run\a2ddax64.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088] R3 RTL8187B;Realtek RTL8187B 802.11b/g 54 Mbps draadloze USB 2.0-netwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-10 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 ***laby;***laby;c:\windows\system32\DRIVERS\***laby.sys [2009-06-18 15928] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 119632] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 20552] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144] . . Inhoud van de 'Gedeelde Taken' map . 2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1293247725-2620836413-3812038035-1000Core.job - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 17:39] . 2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1293247725-2620836413-3812038035-1000UA.job - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 17:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{0B7430E9-E659-4555-AC67-BE3340AAA519} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1293247725-2620836413-3812038035-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13FAFFAE-1468-8859-3799-1FEFB9F9EF40}*] @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-08-12 21:00:51 ComboFix-quarantined-files.txt 2012-08-12 19:00 . Pre-Run: 26.918.469.632 bytes beschikbaar Post-Run: 26.377.134.080 bytes beschikbaar . - - End Of File - - 32E10AD902BF4F52106DE208AA179B48 Hoe ziet het eruit ?
  19. Mark Baerveldt
    Beste Kape, Ik heb de bovenstaande punten uitgevoerd. Is nu alles opgelost ? Hoe weet je dat zo zeker aangezien ik gisteren nog 2 meldingen in Eset had Nog een vraag in mijn protection log van malwarebytes krijg ik constant de volgende regels. 2012/08/12 08:32:31 +0200 MARK-PC Mark IP-BLOCK 174.137.54.234 (Type: outgoing, Port: 55962, Process: explorer.exe) 2012/08/12 08:32:31 +0200 MARK-PC Mark IP-BLOCK 174.137.54.234 (Type: outgoing, Port: 55963, Process: explorer.exe) 2012/08/12 08:32:39 +0200 MARK-PC Mark IP-BLOCK 174.137.54.234 (Type: outgoing, Port: 55965, Process: explorer.exe) 2012/08/12 08:33:25 +0200 MARK-PC Mark DETECTION c:\programdata\windows\msseedir.dll Trojan.FakeMS DENY 2012/08/12 08:33:39 +0200 MARK-PC Mark DETECTION c:\programdata\windows\msseedir.dll Trojan.FakeMS DENY Hoe voorkom ik dit ? hoe los ik dit op ?
  20. Mark Baerveldt
    Hoi Kape, Ik heb Eset laten scannen als beheerder. De melding Win 32 trojan downloader.mebload ar is niet gedetecteerd. Maar dit werd ook niet altijd geconstateerd. Hij heeft wel 2 andere dingen gedetecteerd. Ik heb het opgeschoond en de hele map Windows/Temp weggegooid. Bijgaand logbestand van Eset Logboek wordt gescand Versie van database viruskenmerken: 7375 (20120810) Datum: 11-8-2012 Tijd: 9:59:53 Gescande schijven, mappen en bestanden: Werkgeheugen;Opstartsector;C:\Opstartsector;C:\;D:\Opstartsector;D:\;E:\Opstartsector;E:\ C:\hiberfil.sys - fout tijdens openen [4] C:\pagefile.sys - fout tijdens openen [4] C:\Boot\BCD - fout tijdens openen [4] C:\Boot\BCD.LOG - fout tijdens openen [4] C:\found.001\dir0000.chk\plugin.vch - fout tijdens openen [4] C:\found.001\dir0000.chk\resources.pak - fout tijdens openen [4] C:\found.001\dir0000.chk\theme_resources_standard.pak - fout tijdens openen [4] C:\found.001\dir0000.chk\ui_resources_standard.pak - fout tijdens openen [4] C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = PROCESS_LIBRARY.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = HIRING_REQUISITION_CUSTOMIZED.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = HIRING_REQUISITION.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = TRACK_ISSUES.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = POLICIES.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files\Enigma Software Group\SpyHunter\SHDS.mht = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Common Files\Wise Installation Wizard\WISF896D02690164122B9BD957FF092FFE9_4_9_12_4023.MSI = MSI = Cabs.w1.cab = CAB = SHDS.mht = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt = MIME - is OK (geen interne scan uitgevoerd) C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt = MIME - is OK (geen interne scan uitgevoerd) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - fout tijdens openen [4] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - fout tijdens openen [4] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - fout tijdens openen [4] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - fout tijdens openen [4] C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - fout tijdens openen [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - fout tijdens openen [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - fout tijdens openen [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - fout tijdens openen [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - fout tijdens openen [4] C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - fout tijdens openen [4] C:\Users\Mark\NTUSER.DAT - fout tijdens openen [4] C:\Users\Mark\ntuser.dat.LOG1 - fout tijdens openen [4] C:\Users\Mark\ntuser.dat.LOG2 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateHelper.msi = MSI = required.cab = CAB - fout bij lezen van archief C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml = MIME - is OK (geen interne scan uitgevoerd) C:\Users\Mark\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\3856428C-00000001.eml = MIME - is OK (geen interne scan uitgevoerd) C:\Users\Mark\AppData\Local\Temp\201479b2 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Temp\7adc7dd - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Temp\bab696b0 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Temp\dd5bc3f1 - fout tijdens openen [4] C:\Users\Mark\AppData\Local\Temp\{D2EB0EC0-F8BA-4F0C-A7B3-ACE028A03BEA}\GoogleUpdateHelper.msi = MSI = required.cab = CAB - fout bij lezen van archief C:\Users\Mark\AppData\Roaming\GrabIt\Temp\ktr.sas.12.07.27.charisma.cappelli.rar = RAR = - archief beschadigd C:\Users\Mark\AppData\Roaming\GrabIt\Temp\pr0n.120727.rar = RAR = pr0n.120727.mp4 - archief beschadigd C:\Users\Mark\Documents\LimeWire\Saved\16_Horsepower_-_Live_March_2001_(2008)_320Kbit\16 Horsepower - Live March 2001 (2008) 320Kbit.part1.rar = RAR = 16 Horsepower - Live March 2001 (2008) 320Kbit\103 wayfaring stranger.mp3 - volgend archiefvolume niet gevonden C:\Users\Mark\Documents\LimeWire\Saved\Dubliners_-_Live_in_carre\Dubliners - Live in carre.part1.rar = RAR = 04 - Building up and tearing england down.mp3 - volgend archiefvolume niet gevonden C:\Users\Mark\Documents\LimeWire\Saved\Ilse_DeLange_-_Live\Ilse DeLange - Live.part1.rar = RAR = Ilse DeLange - Live\cd1\Ilse de Lange - Live - 105 - Livin' On Love.mp3 - volgend archiefvolume niet gevonden C:\Users\Mark\Downloads\PCMdailyExpansionPack-for-Patch1200\PCMdailyExpansionPack-for-Patch1200.exe = ASTRUM = top_giro_19_v2-emmea.zces - archief beschadigd. Het bestand kon niet worden uitgepakt. C:\Users\Mark\Downloads\PCMdailyExpansionPack-for-Patch1200\PCMdailyExpansionPack-for-Patch1200.exe = ASTRUM = - archief beschadigd C:\Windows\Installer\abe62.msi = MSI = Cabs.w1.cab = CAB = SHDS.mht = MIME - is OK (geen interne scan uitgevoerd) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\db.mdb - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\edb.log - fout tijdens openen [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\tmp.edb - fout tijdens openen [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - fout tijdens openen [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - fout tijdens openen [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - fout tijdens openen [4] C:\Windows\System32\catroot2\edb.log - fout tijdens openen [4] C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - fout tijdens openen [4] C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - fout tijdens openen [4] C:\Windows\Temp\uvwubngrdl.crx = CHROMEEXTENSION = content.zip = ZIP = plugin.dll - een variant van Win32/Kryptik.ILD trojaans paard C:\Windows\Temp\uvwubngrdl\plugin.dll - een variant van Win32/Kryptik.ILD trojaans paard - opgeschoond door te verwijderen - in quarantaine geplaatst [1] Opstartsector van schijf E: - fout tijdens openen [4] E:\ - fout tijdens openen [4] Aantal gescande objecten: 692036 Aantal gevonden bedreigingen: 2 Aantal opgeschoonde objecten: 1 Tijdstip van voltooiing: 11:52:42 Totale scantijd: 6769 sec. (01:52:49) Opmerkingen: [1] Het object is verwijderd omdat het alleen de viruscode bevatte. [4] Het object kan niet worden geopend. Het wordt mogelijk gebruikt door een ander programma of het besturingssysteem.
  21. Mark Baerveldt
    Hallo, Ik heb gedaan wat je vertelde. Bijgaand dan ook de nieuwe logs HI Jack Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:30:46, on 10-8-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11443 bytes Anti Malwarebytes Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2012.08.10.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Mark :: MARK-PC [administrator] Realtime bescherming: Ingeschakeld 10-8-2012 18:24:34 mbam-log-2012-08-10 (18-24-34).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 194373 Verstreken tijd: 4 minuut/minuten, 12 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Ik hoop dat het er al een stuk beter uit ziet zo.
  22. Mark Baerveldt
    Ik wist niet zeker of ik een administrator log had aangemaakt. Bij deze een wel een HI jack administrator log Ik hoop dat dit beter is Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:39:52, on 10-8-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/thewebblocker/{4E23176D-9DE6-408B-8503-9E323DC0A854} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file) R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) R3 - URLSearchHook: (no name) - {0b7430e9-e659-4555-ac67-be3340aaa519} - (no file) R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file) O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file) O3 - Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file) O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file) O3 - Toolbar: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing) O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file) O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: FancyStart daemon.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (file missing) O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15111 bytes
  23. Mark Baerveldt
    Hallo, Ik heb volgens eset een Win32 Trojan Downloader mebload.ar in het werkgeheugen zitten maar dit wordt niet altijd gedetecteerd. Hoe kom ik hier vanaf en wat is het. Ik heb er een logfile van Hijack bijgedaan. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:50:10, on 10-8-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\BitTorrent\BitTorrent.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/thewebblocker/{4E23176D-9DE6-408B-8503-9E323DC0A854} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file) R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) R3 - URLSearchHook: (no name) - {0b7430e9-e659-4555-ac67-be3340aaa519} - (no file) R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file) O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file) O3 - Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file) O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file) O3 - Toolbar: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing) O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file) O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: FancyStart daemon.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (file missing) O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14829 bytes
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.