Ga naar inhoud

arend51

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    11

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door arend51

  1. arend51
    Volgens mij is alles opgelost, ik zie 'claro' nergens meer. Heel hartelijk dank voor alle moeite!
  2. arend51
    ComboFix 12-09-12.03 - Eigenaar 12-09-2012 21:21:48.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4076.2397 [GMT 2:00] Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Eigenaar\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))) . . 2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC\AppData\Local\temp 2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.002\AppData\Local\temp 2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.001\AppData\Local\temp 2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.000\AppData\Local\temp 2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-12 08:48 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 08:48 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 08:48 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 08:48 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 08:48 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 08:48 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 08:48 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-11 18:45 . 2012-09-11 18:45 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes 2012-09-11 18:44 . 2012-09-11 18:44 -------- d-----w- c:\programdata\Malwarebytes 2012-09-11 18:44 . 2012-09-11 18:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-11 18:44 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-11 08:21 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48957CA1-2D9B-41D0-9769-A52C3F8A0498}\mpengine.dll 2012-09-09 18:58 . 2012-09-09 18:58 -------- d-----w- c:\users\Eigenaar\AppData\Local\Windows Live Writer 2012-09-09 18:58 . 2012-09-09 18:58 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Windows Live Writer 2012-09-09 18:09 . 2012-09-09 18:09 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Jetdogs Studios 2012-09-09 10:21 . 2012-09-09 10:22 -------- d-----w- c:\users\Eigenaar\AppData\Local\Deployment 2012-09-09 09:28 . 2012-09-09 09:28 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-09-09 09:28 . 2012-09-09 09:28 -------- d-----w- c:\program files (x86)\Trend Micro 2012-09-06 09:03 . 2012-09-06 09:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\FOP 2012-09-04 20:03 . 2012-09-04 20:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\ExpressFiles 2012-09-02 15:46 . 2012-09-02 15:46 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-02 15:46 . 2012-09-02 15:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-02 15:46 . 2012-09-02 15:46 -------- d-----w- c:\program files (x86)\Java 2012-08-29 08:58 . 2012-08-29 08:58 -------- d-----w- c:\programdata\SulusGames 2012-08-28 20:54 . 2012-08-28 20:54 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-08-28 20:54 . 2012-08-28 20:54 -------- d-----r- c:\program files (x86)\Skype 2012-08-22 19:37 . 2012-08-22 19:37 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\TOSST 2012-08-16 19:06 . 2012-08-16 19:06 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\PlataGames 2012-08-15 11:29 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-15 08:20 . 2012-08-16 08:38 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E 2012-08-15 08:06 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 08:06 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-15 08:05 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 08:05 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 08:05 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 08:05 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 08:05 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 08:05 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-15 08:05 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 08:05 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 08:05 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 08:05 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-14 20:50 . 2012-08-14 20:50 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\EurekaLog . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 10:15 . 2011-09-12 13:06 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-02 15:46 . 2012-07-02 08:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-02 15:46 . 2011-10-10 09:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-23 08:56 . 2012-04-03 08:17 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-23 08:56 . 2011-09-14 10:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-07 22:10 . 2012-08-07 22:10 207289 ----a-w- C:\torrent.exe 2012-07-18 18:52 . 2012-05-09 20:52 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-07-18 18:52 . 2012-05-09 20:52 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-07-18 18:52 . 2012-05-09 20:52 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-07-18 18:52 . 2012-05-09 20:52 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-09-12_09.54.58 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-09-12 10:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-28 20:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-28 20:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-09-12 10:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-08-28 20:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-09-12 10:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09 . 2012-09-12 18:23 62626 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-09-12 18:23 43428 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-09-12 12:43 . 2012-09-12 18:23 17366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3745490635-2143929647-3478600528-1000_UserData.bin + 2009-07-14 05:30 . 2012-09-12 10:21 86016 c:\windows\system32\DriverStore\infpub.dat - 2009-07-14 05:30 . 2012-08-15 19:16 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb8023x.sys + 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb80236.sys + 2012-09-12 08:48 . 2012-07-04 20:26 41472 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismpx.sys + 2012-09-12 08:48 . 2012-07-04 20:26 35840 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismp6.sys - 2011-09-12 11:38 . 2012-09-09 10:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-09-12 11:38 . 2012-09-12 10:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-09-12 11:38 . 2012-09-12 10:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-09-12 11:38 . 2012-09-09 10:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-09-12 10:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-09-09 10:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-09-12 18:29 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2012-03-13 21:27 . 2012-08-15 11:31 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe + 2012-03-13 21:27 . 2012-09-12 10:19 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe - 2012-03-13 21:27 . 2012-08-15 11:31 43608 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe + 2012-03-13 21:27 . 2012-09-12 10:19 43608 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe + 2012-03-13 21:27 . 2012-09-12 10:19 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe - 2012-03-13 21:27 . 2012-08-15 11:31 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe - 2012-09-12 08:41 . 2012-09-12 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-09-12 18:21 . 2012-09-12 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-09-12 18:21 . 2012-09-12 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-09-12 08:41 . 2012-09-12 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-07-07 01:20 . 2012-08-19 18:59 701798 c:\windows\system32\perfh013.dat + 2011-07-07 01:20 . 2012-09-12 18:25 701798 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-08-19 18:59 616242 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-09-12 18:25 616242 c:\windows\system32\perfh009.dat - 2011-07-07 01:20 . 2012-08-19 18:59 133798 c:\windows\system32\perfc013.dat + 2011-07-07 01:20 . 2012-09-12 18:25 133798 c:\windows\system32\perfc013.dat - 2009-07-14 02:36 . 2012-08-19 18:59 106622 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-09-12 18:25 106622 c:\windows\system32\perfc009.dat + 2009-07-14 05:30 . 2012-09-12 10:21 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-08-15 19:16 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-08-15 19:16 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:30 . 2012-09-12 10:21 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:31 . 2012-09-12 10:21 399360 c:\windows\system32\DriverStore\drvindex.dat - 2009-07-14 05:31 . 2012-08-15 19:16 399360 c:\windows\system32\DriverStore\drvindex.dat - 2009-07-14 05:01 . 2012-09-11 19:35 390272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-09-12 11:20 390272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-03-13 21:27 . 2012-09-12 10:19 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe - 2012-03-13 21:27 . 2012-08-15 11:31 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe - 2012-03-13 21:27 . 2012-08-15 11:31 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe + 2012-03-13 21:27 . 2012-09-12 10:19 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe - 2012-03-13 21:27 . 2012-08-15 11:31 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe + 2012-03-13 21:27 . 2012-09-12 10:19 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe - 2012-03-13 21:27 . 2012-08-15 11:31 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe + 2012-03-13 21:27 . 2012-09-12 10:19 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe + 2012-03-13 21:27 . 2012-09-12 10:19 470616 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe - 2012-03-13 21:27 . 2012-08-15 11:31 470616 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe - 2012-03-13 21:27 . 2012-08-15 11:31 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe + 2012-03-13 21:27 . 2012-09-12 10:19 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe + 2009-07-14 04:45 . 2012-09-12 10:25 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-08-15 19:21 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-08-29 20:37 . 2012-08-29 20:37 3449344 c:\windows\Installer\5a5ef8.msp + 2012-03-13 21:27 . 2012-09-12 10:19 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe - 2012-03-13 21:27 . 2012-08-15 11:31 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe + 2012-03-13 21:27 . 2012-09-12 10:19 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe - 2012-03-13 21:27 . 2012-08-15 11:31 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe + 2012-03-13 21:27 . 2012-09-12 10:19 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe - 2012-03-13 21:27 . 2012-08-15 11:31 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe - 2012-03-13 21:27 . 2012-08-15 11:31 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe + 2012-03-13 21:27 . 2012-09-12 10:19 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe - 2009-07-14 02:34 . 2012-08-15 19:17 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2012-09-12 10:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat - 2011-09-14 15:42 . 2012-09-09 20:40 11376380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3745490635-2143929647-3478600528-1000-8192.dat + 2011-09-14 15:42 . 2012-09-12 10:20 11376380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3745490635-2143929647-3478600528-1000-8192.dat + 2011-09-14 15:42 . 2012-09-12 11:20 29962270 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3745490635-2143929647-3478600528-1000-4096.dat . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "KPN Assistent"="c:\program files (x86)\KPN\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "RAInstaller c:\gamehouse games\The Chronicles of Shakespeare - A Midsummer Night's Dream"="rmdir" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736] R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704] R4 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-03-28 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-08-31 1385120] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120911.001\IDSvia64.sys [2012-09-01 513184] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-08 349736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-08 39464] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432] . . Inhoud van de 'Gedeelde Taken' map . 2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:56] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000Core.job - c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 10:22] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000UA.job - c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 10:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\ryyvcqlt.default\ . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-09-12 21:32:49 ComboFix-quarantined-files.txt 2012-09-12 19:32 ComboFix2.txt 2012-09-12 10:07 . Pre-Run: 157.193.183.232 bytes beschikbaar Post-Run: 157.448.130.560 bytes beschikbaar . - - End Of File - - E5959F991D8AE447374F85F975491637
  3. arend51
    Het is mij niet gelukt om comboFix.exe op mijn bureaublad te plaatsen, toen ik het bestand van de harde schijf op mijn bureaublad plaatste en opende kreeg ik 'niets', dus hoe krijg ik dit bestand alsnog op mijn bureaublad?
  4. arend51
    ComboFix 12-09-12.02 - Eigenaar 12-09-2012 11:39:52.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4076.2270 [GMT 2:00] Gestart vanuit: c:\users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VBL7B63Y\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DealPly c:\program files (x86)\DealPly\DealPly.crx c:\program files (x86)\DealPly\DealPlyIE.dll c:\program files (x86)\DealPly\DealPlyTune.dll c:\program files (x86)\DealPly\DealPlyUpdate.exe c:\program files (x86)\DealPly\DealPlyUpdate.log c:\program files (x86)\DealPly\DealPlyUpdateRun.exe c:\program files (x86)\DealPly\icon.ico c:\program files (x86)\DealPly\uninst.exe c:\users\Eigenaar\AppData\Roaming\PriceGong c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\1.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\371.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\a.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\b.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\c.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\d.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\e.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\f.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\g.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\h.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\i.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\j.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\k.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\l.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\m.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\mru.xml c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\n.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\o.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\p.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\q.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\r.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\s.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\t.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\u.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\v.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\w.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\wlu.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\x.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\y.txt c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\z.txt c:\windows\SysWow64\10561057 c:\windows\SysWow64\10561058 c:\windows\SysWow64\10561059 . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))) . . 2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC\AppData\Local\temp 2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.002\AppData\Local\temp 2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.001\AppData\Local\temp 2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.000\AppData\Local\temp 2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-12 09:36 . 2012-09-12 09:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48957CA1-2D9B-41D0-9769-A52C3F8A0498}\offreg.dll 2012-09-11 18:45 . 2012-09-11 18:45 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes 2012-09-11 18:44 . 2012-09-11 18:44 -------- d-----w- c:\programdata\Malwarebytes 2012-09-11 18:44 . 2012-09-11 18:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-11 18:44 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-11 08:21 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48957CA1-2D9B-41D0-9769-A52C3F8A0498}\mpengine.dll 2012-09-09 18:58 . 2012-09-09 18:58 -------- d-----w- c:\users\Eigenaar\AppData\Local\Windows Live Writer 2012-09-09 18:58 . 2012-09-09 18:58 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Windows Live Writer 2012-09-09 18:09 . 2012-09-09 18:09 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Jetdogs Studios 2012-09-09 10:21 . 2012-09-09 10:22 -------- d-----w- c:\users\Eigenaar\AppData\Local\Deployment 2012-09-09 09:28 . 2012-09-09 09:28 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-09-09 09:28 . 2012-09-09 09:28 -------- d-----w- c:\program files (x86)\Trend Micro 2012-09-06 09:03 . 2012-09-06 09:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\FOP 2012-09-04 20:03 . 2012-09-04 20:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\ExpressFiles 2012-09-02 15:46 . 2012-09-02 15:46 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-02 15:46 . 2012-09-02 15:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-02 15:46 . 2012-09-02 15:46 -------- d-----w- c:\program files (x86)\Java 2012-08-29 08:58 . 2012-08-29 08:58 -------- d-----w- c:\programdata\SulusGames 2012-08-28 20:54 . 2012-08-28 20:54 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-08-28 20:54 . 2012-08-28 20:54 -------- d-----r- c:\program files (x86)\Skype 2012-08-22 19:37 . 2012-08-22 19:37 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\TOSST 2012-08-16 19:06 . 2012-08-16 19:06 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\PlataGames 2012-08-15 11:29 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-15 08:20 . 2012-08-16 08:38 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E 2012-08-15 08:06 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 08:06 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-15 08:05 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 08:05 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 08:05 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 08:05 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 08:05 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 08:05 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-15 08:05 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 08:05 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 08:05 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 08:05 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-14 20:50 . 2012-08-14 20:50 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\EurekaLog . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-02 15:46 . 2012-07-02 08:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-02 15:46 . 2011-10-10 09:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-23 08:56 . 2012-04-03 08:17 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-23 08:56 . 2011-09-14 10:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-15 11:17 . 2011-09-12 13:06 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-07 22:10 . 2012-08-07 22:10 207289 ----a-w- C:\torrent.exe 2012-07-18 18:52 . 2012-05-09 20:52 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-07-18 18:52 . 2012-05-09 20:52 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-07-18 18:52 . 2012-05-09 20:52 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-07-18 18:52 . 2012-05-09 20:52 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "KPN Assistent"="c:\program files (x86)\KPN\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "RAInstaller c:\gamehouse games\The Chronicles of Shakespeare - A Midsummer Night's Dream"="rmdir" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736] R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704] R4 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-03-28 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-08-31 1385120] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120911.001\IDSvia64.sys [2012-09-01 513184] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-08 349736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-08 39464] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432] . . Inhoud van de 'Gedeelde Taken' map . 2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:56] . 2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000Core.job - c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 10:22] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000UA.job - c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 10:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848 mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\ryyvcqlt.default\ FF - prefs.js: browser.startup.homepage - hxxp://isearch.claro-search.com/?affID=114164&tt=3612_6&babsrc=HP_iclro&mntrId=aa9038d7000000000000e0ca941ca601 FF - prefs.js: keyword.URL - hxxp://isearch.claro-search.com/?affID=114164&tt=3612_6&babsrc=KW_iclro&mntrId=aa9038d7000000000000e0ca941ca601&q= FF - prefs.js: browser.search.selectedEngine - Claro Search FF - user.js: extensions.claro.autoRvrt - false FF - user.js: extensions.claro_i.newTab - false FF - user.js: extensions.claro.id - aa9038d7000000000000e0ca941ca601 FF - user.js: extensions.claro.instlDay - 15587 FF - user.js: extensions.claro.vrsn - 1.6.4.1 FF - user.js: extensions.claro.vrsni - 1.6.4.1 FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.122:04 FF - user.js: extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - iclaro FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file) AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe AddRemove-Denda Games Midnight Mysteries - Devil on the Mississippi - c:\program files (x86)\Denda Games\Midnight Mysteries - Devil on the Mississippi\Uninstall.exe AddRemove-Nancy Drew - Secret Of The Old Clock - c:\program files (x86)\Nancy Drew - Secret Of The Old Clock\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-09-12 12:06:56 ComboFix-quarantined-files.txt 2012-09-12 10:06 . Pre-Run: 151.088.427.008 bytes beschikbaar Post-Run: 154.913.619.968 bytes beschikbaar . - - End Of File - - C4E2B599B86D0C1ED8821215638B6BDF
  5. arend51
    Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400 www.malwarebytes.org Databaseversie: v2012.09.11.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Eigenaar :: EIGENAAR-PC [administrator] Realtime bescherming: Ingeschakeld 11-9-2012 20:47:14 mbam-log-2012-09-11 (20-47-14).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 299600 Verstreken tijd: 5 minuut/minuten, 47 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 1 HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)
  6. arend51
    Ikzelf had problemen met een spel wat het niet deed en iemand anders hier kon niet meer op t internet. Het waren twee programma's die ons toen werden geadviseerd door XS4all i.v.m. virussen e.d. malwarebytes en ik meen alaware. Het heeft veel moeite gekost om alle sporen te verwijderen, vandaar.
  7. arend51
    Dit is een reactie op Kape die mij zei MBAM te downloaden. Ik wist niet waar ik mijn vraag kon plaatsen dus ik hoop dat dit zo goed komt. Ik heb ooit problemen gehad met MBAM omdat er ook Norton op mijn laptop is geinstalleerd. Ik vraag mij af of het verstandig is (omdat ik compu analfabeet ben) die eventuele problemen weer op te zoeken. Ik hoop dat je begrijpt wat ik bedoel. Nog bedankt voor je reactie.
  8. arend51
    Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:49:13, on 9-9-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = eSnips Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [KPN Assistent] C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe /auto O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [RAInstaller C:\GameHouse Games\The Chronicles of Shakespeare - A Midsummer Night's Dream] cmd.exe /c "rmdir /S /Q "C:\GameHouse Games\The Chronicles of Shakespeare - A Midsummer Night's Dream"" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3745490635-2143929647-3478600528-1009\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3745490635-2143929647-3478600528-1009\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Murder%20Island%20-%20Secret%20of%20Tantalus/Images/stg_drm.ocx O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/CLUE%20Accusations%20and%20Alibis/Images/armhelper.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11979 bytes
  9. arend51
    natuurlijk bekeek ik de handleiding, anders was ik hier (na veel gepuzzel) niet gekomen, maar volgens mij stopt ie nadat je alles in een bericht hebt geplaatst en staat er verder niet wat je met dat bericht moet doen, misschien blond of dom, maar ik ben echt een nieuweling.
  10. arend51
    Bedankt voor je reactie, ik heb een logje maar weet niet wat je bedoelt met ín een bericht plaatsen' aan wie?
  11. arend51
    Dag, Als ik google chrome wil gebruiken neemt "claro search" het over, ook zijn er dingen ongemerkt veranderd. Ik ben een beginner op computergebied en weet hier geen raad mee, jullie wel? groet Arend51
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.