Ga naar inhoud

lucky45

Lid
  • Items

    6
  • Registratiedatum

  • Laatst bezocht

lucky45's prestaties

  1. ik was inderdaad de spatie vergeten voor de slash. Bedankt voor alle hulp!!
  2. Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall Dit krijg ik niet voor elkaar op de manier zoals beschreven. Kan ik hem ook gewoon van de desktop verwijderen, of gaat dan niet alles mee.
  3. Ik ben voorzichtig optimistisch, volgens mij is alles weer ok. ComboFix 12-09-24.03 - Bertram 25-09-2012 18:05:28.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1994 [GMT 2:00] Gestart vanuit: c:\users\Bertram\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Bertram\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "C:\user.js" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Perion c:\program files\Perion\NewTab\data.txt c:\program files\Perion\NewTab\newTab.crx c:\program files\Web Assistant c:\program files\Web Assistant\ExtensionUpdaterService.exe c:\program files\Web Assistant\Firefox\chrome.manifest c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js c:\program files\Web Assistant\Firefox\chrome\content\main.js c:\program files\Web Assistant\Firefox\chrome\content\main.xul c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js c:\program files\Web Assistant\Firefox\install.rdf c:\program files\Web Assistant\InstallerHelper.dll c:\program files\Web Assistant\libraries\DataExchangeScript.js c:\program files\Web Assistant\resources\localscript.js c:\program files\Web Assistant\source.crx c:\program files\Web Assistant\unins000.dat c:\program files\Web Assistant\unins000.exe C:\user.js . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Web Assistant Updater . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))) . . 2012-09-25 16:12 . 2012-09-25 16:14 -------- d-----w- c:\users\Bertram\AppData\Local\temp 2012-09-25 16:12 . 2012-09-25 16:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\users\Bertram\AppData\Roaming\Malwarebytes 2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\programdata\Malwarebytes 2012-09-23 10:20 . 2012-09-23 10:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-23 10:20 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-16 08:45 . 2012-09-16 08:45 16304 ------w- c:\windows\system32\apl003.sys 2012-09-16 08:45 . 2012-09-16 08:45 13232 ------w- c:\windows\system32\apf003.sys 2012-09-12 13:11 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 13:11 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 13:11 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys 2012-09-12 13:11 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 13:11 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 13:11 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 13:11 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-09 15:50 . 2007-05-03 09:21 29056 ----a-w- c:\windows\system32\drivers\Capt905c.sys 2012-09-09 15:50 . 2007-05-03 09:21 25088 ----a-w- c:\windows\system32\drivers\Camd905c.sys 2012-09-09 15:50 . 2012-09-09 15:54 -------- d-----w- c:\program files\MyDSC2 2012-09-09 10:50 . 2012-09-09 10:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-09 10:49 . 2012-09-09 10:49 -------- d-----w- c:\program files\Java . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-09 10:49 . 2010-04-19 04:50 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-06 14:53 . 2012-07-16 16:52 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-08-06 14:53 . 2012-07-16 17:59 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-08-06 14:53 . 2012-07-16 16:52 270240 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-07-30 13:41 . 2012-07-16 16:52 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-07-18 17:47 . 2012-08-15 20:02 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-16 16:52 . 2012-07-16 16:52 138056 ----a-w- c:\users\Bertram\AppData\Roaming\PnkBstrK.sys 2012-07-16 16:52 . 2012-07-16 16:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2012-07-04 21:14 . 2012-08-15 20:02 41984 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:14 . 2012-08-15 20:02 102912 ----a-w- c:\windows\system32\browser.dll 2012-09-07 15:21 . 2012-09-07 15:21 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Bertram\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Bertram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-1-16 974848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 apf003;apf003;c:\windows\system32\apf003.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 netr28;Ralink 802.11n stuurprogramma voor draadloze netwerken voor Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x] S2 SpyroService;Spyro Portal Service;c:\program files\FS\Spyro Portal\FlashPortal.exe [x] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:06] . 2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 19:06] . 2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 19:06] . 2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935925857-3582874073-2332455473-1000Core.job - c:\users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 21:39] . 2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935925857-3582874073-2332455473-1000UA.job - c:\users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 21:39] . . ------- Bijkomende Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: sproetje.org\www TCP: Interfaces\{6300CB0B-D6DC-4688-BA95-9E11E48EBB7B}: NameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab DPF: {B4A41BDB-320A-4AF4-8DBC-846866A62657} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.43/ImageUploader7.cab DPF: {B7915D9F-6057-4153-BE1B-8E234BD66980} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/ImageUploader7.cab FF - ProfilePath - c:\users\Bertram\AppData\Roaming\Mozilla\Firefox\Profiles\6c5jkrm3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.incredibar_i.ppd - 77777176 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\atieclxx.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\taskhost.exe c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Voltooingstijd: 2012-09-25 18:18:19 - machine werd herstart ComboFix-quarantined-files.txt 2012-09-25 16:18 ComboFix2.txt 2012-09-24 15:17 . Pre-Run: 114.666.708.992 bytes beschikbaar Post-Run: 114.456.002.560 bytes beschikbaar . - - End Of File - - 7F227DF7E95F95D327235AF0CEAE95F2
  4. ComboFix 12-09-24.02 - Bertram 24-09-2012 17:03:31.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1902 [GMT 2:00] Gestart vanuit: c:\users\Bertram\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\uTorrent\uTorrent.exe c:\windows\IsUn0413.exe c:\windows\system32\FlashPlayerInstaller.exe c:\windows\unin0413.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))) . . 2012-09-24 15:12 . 2012-09-24 15:13 -------- d-----w- c:\users\Bertram\AppData\Local\temp 2012-09-24 15:12 . 2012-09-24 15:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-24 15:12 . 2012-09-24 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\users\Bertram\AppData\Roaming\Malwarebytes 2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\programdata\Malwarebytes 2012-09-23 10:20 . 2012-09-23 10:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-23 10:20 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-22 07:06 . 2012-09-22 07:06 -------- d-----w- c:\program files\Perion 2012-09-22 07:06 . 2012-09-22 07:06 455 ----a-w- C:\user.js 2012-09-22 07:06 . 2012-09-23 10:17 -------- d-----w- c:\program files\Web Assistant 2012-09-16 08:45 . 2012-09-16 08:45 16304 ------w- c:\windows\system32\apl003.sys 2012-09-16 08:45 . 2012-09-16 08:45 13232 ------w- c:\windows\system32\apf003.sys 2012-09-12 13:11 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 13:11 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 13:11 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys 2012-09-12 13:11 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 13:11 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 13:11 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 13:11 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-09 15:50 . 2007-05-03 09:21 29056 ----a-w- c:\windows\system32\drivers\Capt905c.sys 2012-09-09 15:50 . 2007-05-03 09:21 25088 ----a-w- c:\windows\system32\drivers\Camd905c.sys 2012-09-09 15:50 . 2012-09-09 15:54 -------- d-----w- c:\program files\MyDSC2 2012-09-09 10:50 . 2012-09-09 10:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-09 10:49 . 2012-09-09 10:49 -------- d-----w- c:\program files\Java . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-09 10:49 . 2010-04-19 04:50 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-06 14:53 . 2012-07-16 16:52 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-08-06 14:53 . 2012-07-16 17:59 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-08-06 14:53 . 2012-07-16 16:52 270240 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-07-30 13:41 . 2012-07-16 16:52 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-07-18 17:47 . 2012-08-15 20:02 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-16 16:52 . 2012-07-16 16:52 138056 ----a-w- c:\users\Bertram\AppData\Roaming\PnkBstrK.sys 2012-07-16 16:52 . 2012-07-16 16:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2012-07-04 21:14 . 2012-08-15 20:02 41984 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:14 . 2012-08-15 20:02 102912 ----a-w- c:\windows\system32\browser.dll 2012-09-07 15:21 . 2012-09-07 15:21 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Bertram\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Bertram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-1-16 974848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 apf003;apf003;c:\windows\system32\apf003.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 netr28;Ralink 802.11n stuurprogramma voor draadloze netwerken voor Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x] S2 SpyroService;Spyro Portal Service;c:\program files\FS\Spyro Portal\FlashPortal.exe [x] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:06] . 2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 19:06] . 2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 19:06] . 2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935925857-3582874073-2332455473-1000Core.job - c:\users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 21:39] . 2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935925857-3582874073-2332455473-1000UA.job - c:\users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 21:39] . . ------- Bijkomende Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: sproetje.org\www TCP: Interfaces\{6300CB0B-D6DC-4688-BA95-9E11E48EBB7B}: NameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab DPF: {B4A41BDB-320A-4AF4-8DBC-846866A62657} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.43/ImageUploader7.cab DPF: {B7915D9F-6057-4153-BE1B-8E234BD66980} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/ImageUploader7.cab FF - ProfilePath - c:\users\Bertram\AppData\Roaming\Mozilla\Firefox\Profiles\6c5jkrm3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb174?a=6OyORYUSPK&i=26 FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyORYUSPK&&i=26&search= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyORYUSPK&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 324213450000000000000022686e9fae FF - user.js: extensions.incredibar_i.instlDay - 15605 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:06 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyORYUSPK FF - user.js: extensions.incredibar_i.upn2n - 92262148920393792 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10671 FF - user.js: extensions.incredibar_i.ppd - 77777176 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe HKCU-Run-µTorrent - c:\program files\uTorrent\utorrent.exe HKLM-Run-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe AddRemove-980b93787af70c51b4ceeeaf0dc896ec - c:\program files\RealArcade\Installer\bin\gameinstaller.exe AddRemove-9ae173205d6d9ab9cb67dc12f734faf1 - c:\program files\RealArcade\Installer\bin\gameinstaller.exe AddRemove-b74c89c60294933c65aa3b6489645318 - c:\program files\RealArcade\Installer\bin\gameinstaller.exe AddRemove-Dll-Files.com Fixer_is1 - c:\program files\Dll-Files.com Fixer\unins000.exe AddRemove-f83f0048753773a88ce85ea2112e3508 - c:\program files\RealArcade\Installer\bin\gameinstaller.exe AddRemove-LEGO Racers - c:\windows\IsUn0413.exe AddRemove-LEGO Rock Raiders - c:\windows\IsUn0413.exe AddRemove-LEGOLANDDeInstKey - c:\windows\unin0413.exe AddRemove-Plants vs. Zombies - c:\program files\Plants vs. Zombies\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-09-24 17:17:34 ComboFix-quarantined-files.txt 2012-09-24 15:17 . Pre-Run: 114.943.975.424 bytes beschikbaar Post-Run: 115.129.372.672 bytes beschikbaar . - - End Of File - - F029AC53A733D0D55D0136D635D010B6
  5. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:16:28, on 23-9-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\uTorrent\utorrent.exe C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Users\Bertram\Downloads\HijackThis.exe C:\windows\system32\SearchFilterHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file) O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1935925857-3582874073-2332455473-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1935925857-3582874073-2332455473-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: sproetje.org: The Leading Spore the Site on the Net O15 - Trusted IP range: http://192.168.1.1 O15 - ESC Trusted IP range: http://192.168.1.1 O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.normandie-webcam.com/plugins/vatdec10051/VatDec.cab O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (Upload-applicatie Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab O16 - DPF: {B4A41BDB-320A-4AF4-8DBC-846866A62657} (Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.43/ImageUploader7.cab O16 - DPF: {B7915D9F-6057-4153-BE1B-8E234BD66980} (Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/ImageUploader7.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6300CB0B-D6DC-4688-BA95-9E11E48EBB7B}: NameServer = 192.168.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Spyro Portal Service (SpyroService) - FS - C:\Program Files\FS\Spyro Portal\FlashPortal.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- End of file - 10134 bytes Malwarebytes Anti-Malware 1.65.0.1400 Malwarebytes : Free anti-malware download Databaseversie: v2012.09.23.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Bertram :: BERTRAM-QMPC [administrator] 23-9-2012 20:07:30 mbam-log-2012-09-23 (20-07-30).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 229712 Verstreken tijd: 5 minuut/minuten, 59 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)
  6. Ik heb al het nodige gedaan na het lezen van dit forum. Hieronder de log bestandjes. Graag advies over hoe nu verder te handelen Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:42:46, on 23-9-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\windows\system32\taskeng.exe C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\uTorrent\utorrent.exe C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\windows\system32\SearchFilterHost.exe C:\Users\Bertram\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file) O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1935925857-3582874073-2332455473-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1935925857-3582874073-2332455473-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: sproetje.org: The Leading Spore the Site on the Net O15 - Trusted IP range: http://192.168.1.1 O15 - ESC Trusted IP range: http://192.168.1.1 O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jewelry%20Secret%20-%20Mystery%20Stones/Images/stg_drm.ocx O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.normandie-webcam.com/plugins/vatdec10051/VatDec.cab O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (Upload-applicatie Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab O16 - DPF: {B4A41BDB-320A-4AF4-8DBC-846866A62657} (Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.43/ImageUploader7.cab O16 - DPF: {B7915D9F-6057-4153-BE1B-8E234BD66980} (Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/ImageUploader7.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6300CB0B-D6DC-4688-BA95-9E11E48EBB7B}: NameServer = 192.168.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: toolbarchrome - {718733BC-AD64-4E5F-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Spyro Portal Service (SpyroService) - FS - C:\Program Files\FS\Spyro Portal\FlashPortal.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- Malwarebytes Anti-Malware 1.65.0.1400 Malwarebytes : Free anti-malware download Databaseversie: v2012.09.23.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Bertram :: BERTRAM-QMPC [administrator] 23-9-2012 12:22:11 mbam-log-2012-09-23 (12-22-11).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 230031 Verstreken tijd: 5 minuut/minuten, 59 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 3 C:\Users\Bertram\Downloads\FastDownload.exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Bertram\Downloads\VLCVideoConverterSetup.exe (PUP.BundleInstaller.BI) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Bertram\Downloads\epicbot.exe (PUP.BundleOffers.IIQ) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.