lucky45
-
Items
6 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door lucky45
-
-
Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall
Dit krijg ik niet voor elkaar op de manier zoals beschreven. Kan ik hem ook gewoon van de desktop verwijderen, of gaat dan niet alles mee.
-
Ik ben voorzichtig optimistisch, volgens mij is alles weer ok.
ComboFix 12-09-24.03 - Bertram 25-09-2012 18:05:28.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1994 [GMT 2:00]
Gestart vanuit: c:\users\Bertram\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Bertram\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Perion
c:\program files\Perion\NewTab\data.txt
c:\program files\Perion\NewTab\newTab.crx
c:\program files\Web Assistant
c:\program files\Web Assistant\ExtensionUpdaterService.exe
c:\program files\Web Assistant\Firefox\chrome.manifest
c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js
c:\program files\Web Assistant\Firefox\chrome\content\main.js
c:\program files\Web Assistant\Firefox\chrome\content\main.xul
c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js
c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd
c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css
c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js
c:\program files\Web Assistant\Firefox\install.rdf
c:\program files\Web Assistant\InstallerHelper.dll
c:\program files\Web Assistant\libraries\DataExchangeScript.js
c:\program files\Web Assistant\resources\localscript.js
c:\program files\Web Assistant\source.crx
c:\program files\Web Assistant\unins000.dat
c:\program files\Web Assistant\unins000.exe
C:\user.js
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Web Assistant Updater
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-08-25 to 2012-09-25 ))))))))))))))))))))))))))))))
.
.
2012-09-25 16:12 . 2012-09-25 16:14 -------- d-----w- c:\users\Bertram\AppData\Local\temp
2012-09-25 16:12 . 2012-09-25 16:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\users\Bertram\AppData\Roaming\Malwarebytes
2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\programdata\Malwarebytes
2012-09-23 10:20 . 2012-09-23 10:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-23 10:20 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 08:45 . 2012-09-16 08:45 16304 ------w- c:\windows\system32\apl003.sys
2012-09-16 08:45 . 2012-09-16 08:45 13232 ------w- c:\windows\system32\apf003.sys
2012-09-12 13:11 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:11 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:11 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 13:11 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:11 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:11 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:11 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-09 15:50 . 2007-05-03 09:21 29056 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2012-09-09 15:50 . 2007-05-03 09:21 25088 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2012-09-09 15:50 . 2012-09-09 15:54 -------- d-----w- c:\program files\MyDSC2
2012-09-09 10:50 . 2012-09-09 10:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-09 10:49 . 2012-09-09 10:49 -------- d-----w- c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 10:49 . 2010-04-19 04:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-06 14:53 . 2012-07-16 16:52 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-06 14:53 . 2012-07-16 17:59 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 14:53 . 2012-07-16 16:52 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:41 . 2012-07-16 16:52 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-18 17:47 . 2012-08-15 20:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 16:52 . 2012-07-16 16:52 138056 ----a-w- c:\users\Bertram\AppData\Roaming\PnkBstrK.sys
2012-07-16 16:52 . 2012-07-16 16:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-04 21:14 . 2012-08-15 20:02 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 20:02 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-07 15:21 . 2012-09-07 15:21 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bertram\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Bertram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-1-16 974848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 apf003;apf003;c:\windows\system32\apf003.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28;Ralink 802.11n stuurprogramma voor draadloze netwerken voor Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 SpyroService;Spyro Portal Service;c:\program files\FS\Spyro Portal\FlashPortal.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:06]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 19:06]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 19:06]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935925857-3582874073-2332455473-1000Core.job
- c:\users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 21:39]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935925857-3582874073-2332455473-1000UA.job
- c:\users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 21:39]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: sproetje.org\www
TCP: Interfaces\{6300CB0B-D6DC-4688-BA95-9E11E48EBB7B}: NameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
DPF: {B4A41BDB-320A-4AF4-8DBC-846866A62657} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.43/ImageUploader7.cab
DPF: {B7915D9F-6057-4153-BE1B-8E234BD66980} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/ImageUploader7.cab
FF - ProfilePath - c:\users\Bertram\AppData\Roaming\Mozilla\Firefox\Profiles\6c5jkrm3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.ppd - 77777176
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Voltooingstijd: 2012-09-25 18:18:19 - machine werd herstart
ComboFix-quarantined-files.txt 2012-09-25 16:18
ComboFix2.txt 2012-09-24 15:17
.
Pre-Run: 114.666.708.992 bytes beschikbaar
Post-Run: 114.456.002.560 bytes beschikbaar
.
- - End Of File - - 7F227DF7E95F95D327235AF0CEAE95F2
-
ComboFix 12-09-24.02 - Bertram 24-09-2012 17:03:31.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1902 [GMT 2:00]
Gestart vanuit: c:\users\Bertram\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrent\uTorrent.exe
c:\windows\IsUn0413.exe
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\unin0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-08-24 to 2012-09-24 ))))))))))))))))))))))))))))))
.
.
2012-09-24 15:12 . 2012-09-24 15:13 -------- d-----w- c:\users\Bertram\AppData\Local\temp
2012-09-24 15:12 . 2012-09-24 15:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-24 15:12 . 2012-09-24 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\users\Bertram\AppData\Roaming\Malwarebytes
2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\programdata\Malwarebytes
2012-09-23 10:20 . 2012-09-23 10:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-23 10:20 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-22 07:06 . 2012-09-22 07:06 -------- d-----w- c:\program files\Perion
2012-09-22 07:06 . 2012-09-22 07:06 455 ----a-w- C:\user.js
2012-09-22 07:06 . 2012-09-23 10:17 -------- d-----w- c:\program files\Web Assistant
2012-09-16 08:45 . 2012-09-16 08:45 16304 ------w- c:\windows\system32\apl003.sys
2012-09-16 08:45 . 2012-09-16 08:45 13232 ------w- c:\windows\system32\apf003.sys
2012-09-12 13:11 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:11 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:11 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 13:11 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:11 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:11 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:11 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-09 15:50 . 2007-05-03 09:21 29056 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2012-09-09 15:50 . 2007-05-03 09:21 25088 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2012-09-09 15:50 . 2012-09-09 15:54 -------- d-----w- c:\program files\MyDSC2
2012-09-09 10:50 . 2012-09-09 10:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-09 10:49 . 2012-09-09 10:49 -------- d-----w- c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 10:49 . 2010-04-19 04:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-06 14:53 . 2012-07-16 16:52 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-06 14:53 . 2012-07-16 17:59 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 14:53 . 2012-07-16 16:52 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:41 . 2012-07-16 16:52 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-18 17:47 . 2012-08-15 20:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 16:52 . 2012-07-16 16:52 138056 ----a-w- c:\users\Bertram\AppData\Roaming\PnkBstrK.sys
2012-07-16 16:52 . 2012-07-16 16:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-04 21:14 . 2012-08-15 20:02 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 20:02 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-07 15:21 . 2012-09-07 15:21 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bertram\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Bertram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-1-16 974848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 apf003;apf003;c:\windows\system32\apf003.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28;Ralink 802.11n stuurprogramma voor draadloze netwerken voor Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 SpyroService;Spyro Portal Service;c:\program files\FS\Spyro Portal\FlashPortal.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:06]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 19:06]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 19:06]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935925857-3582874073-2332455473-1000Core.job
- c:\users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 21:39]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935925857-3582874073-2332455473-1000UA.job
- c:\users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 21:39]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: sproetje.org\www
TCP: Interfaces\{6300CB0B-D6DC-4688-BA95-9E11E48EBB7B}: NameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
DPF: {B4A41BDB-320A-4AF4-8DBC-846866A62657} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.43/ImageUploader7.cab
DPF: {B7915D9F-6057-4153-BE1B-8E234BD66980} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/ImageUploader7.cab
FF - ProfilePath - c:\users\Bertram\AppData\Roaming\Mozilla\Firefox\Profiles\6c5jkrm3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb174?a=6OyORYUSPK&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyORYUSPK&&i=26&search=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyORYUSPK&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 324213450000000000000022686e9fae
FF - user.js: extensions.incredibar_i.instlDay - 15605
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:06
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyORYUSPK
FF - user.js: extensions.incredibar_i.upn2n - 92262148920393792
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10671
FF - user.js: extensions.incredibar_i.ppd - 77777176
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKCU-Run-µTorrent - c:\program files\uTorrent\utorrent.exe
HKLM-Run-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
AddRemove-980b93787af70c51b4ceeeaf0dc896ec - c:\program files\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-9ae173205d6d9ab9cb67dc12f734faf1 - c:\program files\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-b74c89c60294933c65aa3b6489645318 - c:\program files\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-Dll-Files.com Fixer_is1 - c:\program files\Dll-Files.com Fixer\unins000.exe
AddRemove-f83f0048753773a88ce85ea2112e3508 - c:\program files\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-LEGO Racers - c:\windows\IsUn0413.exe
AddRemove-LEGO Rock Raiders - c:\windows\IsUn0413.exe
AddRemove-LEGOLANDDeInstKey - c:\windows\unin0413.exe
AddRemove-Plants vs. Zombies - c:\program files\Plants vs. Zombies\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-09-24 17:17:34
ComboFix-quarantined-files.txt 2012-09-24 15:17
.
Pre-Run: 114.943.975.424 bytes beschikbaar
Post-Run: 115.129.372.672 bytes beschikbaar
.
- - End Of File - - F029AC53A733D0D55D0136D635D010B6
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:28, on 23-9-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Bertram\Downloads\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1935925857-3582874073-2332455473-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1935925857-3582874073-2332455473-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: sproetje.org: The Leading Spore the Site on the Net
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.normandie-webcam.com/plugins/vatdec10051/VatDec.cab
O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (Upload-applicatie Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
O16 - DPF: {B4A41BDB-320A-4AF4-8DBC-846866A62657} (Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.43/ImageUploader7.cab
O16 - DPF: {B7915D9F-6057-4153-BE1B-8E234BD66980} (Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/ImageUploader7.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6300CB0B-D6DC-4688-BA95-9E11E48EBB7B}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyro Portal Service (SpyroService) - FS - C:\Program Files\FS\Spyro Portal\FlashPortal.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
--
End of file - 10134 bytes
Malwarebytes Anti-Malware 1.65.0.1400
Malwarebytes : Free anti-malware download
Databaseversie: v2012.09.23.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Bertram :: BERTRAM-QMPC [administrator]
23-9-2012 20:07:30
mbam-log-2012-09-23 (20-07-30).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 229712
Verstreken tijd: 5 minuut/minuten, 59 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
-
Ik heb al het nodige gedaan na het lezen van dit forum. Hieronder de log bestandjes. Graag advies over hoe nu verder te handelen
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:42:46, on 23-9-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Bertram\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bertram\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Bertram\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1935925857-3582874073-2332455473-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1935925857-3582874073-2332455473-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: sproetje.org: The Leading Spore the Site on the Net
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jewelry%20Secret%20-%20Mystery%20Stones/Images/stg_drm.ocx
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.normandie-webcam.com/plugins/vatdec10051/VatDec.cab
O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (Upload-applicatie Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
O16 - DPF: {B4A41BDB-320A-4AF4-8DBC-846866A62657} (Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.43/ImageUploader7.cab
O16 - DPF: {B7915D9F-6057-4153-BE1B-8E234BD66980} (Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/ImageUploader7.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6300CB0B-D6DC-4688-BA95-9E11E48EBB7B}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: toolbarchrome - {718733BC-AD64-4E5F-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyro Portal Service (SpyroService) - FS - C:\Program Files\FS\Spyro Portal\FlashPortal.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
--
Malwarebytes Anti-Malware 1.65.0.1400
Malwarebytes : Free anti-malware download
Databaseversie: v2012.09.23.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Bertram :: BERTRAM-QMPC [administrator]
23-9-2012 12:22:11
mbam-log-2012-09-23 (12-22-11).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 230031
Verstreken tijd: 5 minuut/minuten, 59 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 3
C:\Users\Bertram\Downloads\FastDownload.exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Bertram\Downloads\VLCVideoConverterSetup.exe (PUP.BundleInstaller.BI) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Bertram\Downloads\epicbot.exe (PUP.BundleOffers.IIQ) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
incredibar ineens op de computer
in Archief Bestrijding malware & virussen
Geplaatst:
ik was inderdaad de spatie vergeten voor de slash.
Bedankt voor alle hulp!!