Posts made by flipsetien

  1. I definitely had the right path. Convert.exe also scans the disk itself and found no problems. Last night I simply switched everything off when I went to bed. After reconnecting the disk this morning, it turned out that nothing at all had actually happened. The disk was accessible, everything was still on it, and the file system was still FAT32.

    I tried the whole procedure on another PC, and there I got a message that the conversion was not possible, stating: cannot create the elementary file system structures. After that I simply reformatted the disk, with NTFS. That did work.

    I don't understand it, but it is solved.

    Thanks in any case for the help!

  2. Hello,

    I am converting an external hard disk (2 TB, Intenso) holding approx. 170 MB of data from FAT32 to NTFS. I started the conversion from the command prompt. The process has now been running for well over 24 hours.

    In Task Manager, convert.exe is listed as an active process that uses 0 and then 1% processor time. Nevertheless my laptop is working hard, judging by the fan.

    I don't know what to do now. I read everywhere that you should not interrupt such a conversion. But it is taking so long now that I wonder whether it is going well. In itself I would not mind reformatting the disk if that is faster.

    I have a laptop with Windows 7. 1.65 GHz, 4 Mb RAM. McAfee as antivirus program.

    Thanks in advance for the help!

  3. I will let my daughter go online with the laptop again, and then I think we will have to watch for a few days to see whether it happens again. I will let you know! Thanks in any case so far.

    By the way, I had malware on my own laptop again, which came along with HijackThis. But MBAM removed it. I get sick of all those software providers where you get all that junk along with it...

  4. It was still running this morning! So I restarted the laptop and started Zoek again. This time it was done after just a quarter of an hour. The log is below:

    By the way, do you already have any idea which virus we had?

    Zoek.exe Version 4.0.0.4 Updated 10-August-2013

    Tool run by Leerling on Wed 08/14/2013 at 9:33:18.71.

    Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode No Internet Access Detected

    Launched: C:\Users\Leerling\Desktop\zoek.exe [script inserted] [Checkboxes used]

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Services ======================

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\Exts\Chrome.crx[02/14/2013 06:02 AM]

    Norton Identity Protection - Leerling - Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

    ==== Empty IE Cache ======================

    C:\Users\administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Administrator.LEERLING\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Leerling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Leerling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Marrit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Marrit - kopie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\users\Leerling\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Leerling\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on Wed 08/14/2013 at 9:51:40.18 ======================

  5. Done. For the download (on my own laptop) I had to turn off Norton, because Norton removes zoek.exe as unsafe. When downloading that zoek.exe zip file I did get an advertisement, by the way (American lottery or something like that). I hope I haven't caught something now! Should I also run AdwCleaner on my own laptop sometime later?

    Anyway. On my daughter's laptop I was only able to turn off Norton. Kaspersky runs in the background via that LANDesk and has no option to pause. The Zoek scan ran fine, however, and I am posting the log below. It may be useful to know that the first time we sent spam was on 25/7. The password of her mail account turned out to have been changed on 22/7. Many of the changes after that have to do with my attempts to scan or install things to find out what was going on.

    Zoek.exe Version 4.0.0.4 Updated 10-August-2013

    Tool run by Leerling on Tue 08/13/2013 at 8:42:22.90.

    Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode No Internet Access Detected

    Launched: C:\Users\Leerling\Desktop\zoek.exe [script inserted] [Checkboxes used]

    ==== System Restore Info ======================

    8/13/2013 8:46:58 AM Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    "C:\Users\Leerling\Downloads\SoftonicDownloader_voor_speedfan.exe" deleted

    "C:\Windows\System32\searchplugins" deleted

    "C:\Windows\System32\Extensions" deleted

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Leerling\AppData\Local\Temp ====

    2013-08-02 18:43:46 DB521C3DC7B679226322033B09719ECA 339440 ----a-w- C:\Users\Leerling\AppData\Local\Temp\uninst1.exe

    2013-08-02 09:36:28 7E7EB7AFF595774E5E500B34058CC1A7 192512 ----a-w- C:\Users\Leerling\AppData\Local\Temp\sfamcc00001.dll

    2013-08-02 09:36:00 8CF063A27AF7E5E765BB9196108EF589 3446632 ----a-w- C:\Users\Leerling\AppData\Local\Temp\WSSetup.exe

    2013-08-02 09:36:00 6F1DC275D4E1C51FB7E4720D83A34AD8 1141752 ----a-w- C:\Users\Leerling\AppData\Local\Temp\spacksyahoo_717_active.exe

    2013-08-02 09:35:46 8A4AF3B0695F29186AD02E2FD766FA3B 393016 ----a-w- C:\Users\Leerling\AppData\Local\Temp\mgsqlite3.dll

    2013-08-02 09:26:43 89725E5F78B9C958E0337F827F1A38BB 8197392 ----a-w- C:\Users\Leerling\AppData\Local\Temp\bundlesweetimsetup.exe

    2013-08-02 08:18:01 576DFFDAACFFA4239364052416CBA8FE 3079168 ----a-w- C:\Users\Leerling\AppData\Local\Temp\NetworkMonitor_Parsers.msi

    2013-08-02 07:43:06 44E90427BC6DF0D1C4ADB10B8D144D3C 7403912 ----a-w- C:\Users\Leerling\AppData\Local\Temp\smt.exe

    2013-08-02 07:43:02 8E6B0554DA20E359151AA9E5DAA09234 3639040 ----a-w- C:\Users\Leerling\AppData\Local\Temp\pcs.exe

    2013-08-02 07:43:01 EB2764885565B6C01CB32E5F51F213B3 785904 ----a-w- C:\Users\Leerling\AppData\Local\Temp\dlt.exe

    2013-08-02 07:42:52 2AE766BCBDE4166B2F581F9D8E278AD6 6229392 ----a-w- C:\Users\Leerling\AppData\Local\Temp\rubotted_install.exe

    ====== C:\Windows\system32 =====

    2013-08-02 09:36:40 188E68005ED62F32248032C65CB4DE96 1870 ----a-w- C:\Windows\System32\Microsoft.VC80.CRT.manifest

    2013-08-02 09:36:38 1D109ED0D660654EA7FF1574558031C4 479232 ----a-w- C:\Windows\System32\msvcm80.dll

    2013-08-02 09:36:37 0E37FBFA79D349D672456923EC5FBBE3 773968 ----a-w- C:\Windows\System32\msvcr100.dll

    2013-08-02 09:36:36 BC83108B18756547013ED443B8CDB31B 421200 ----a-w- C:\Windows\System32\msvcp100.dll

    2013-08-02 09:28:45 A4001C78F2806662B3BD91ACB44E6330 45 ----a-w- C:\Windows\System32\initdebug.nfo

    ====== C:\Windows\system32\drivers =====

    2013-08-08 08:58:27 F50D81D3E0C7A353F205562B89CD06D6 142496 ----a-w- C:\Windows\System32\drivers\SYMEVENT.SYS

    2013-08-08 08:58:27 A49407DD790FE80602679585F4CB5B4D 805 ----a-w- C:\Windows\System32\drivers\SYMEVENT.INF

    2013-08-08 08:58:27 00D71D305168A9618237159714427096 7611 ----a-w- C:\Windows\System32\drivers\SYMEVENT.CAT

    2013-07-26 10:42:30 FAF091AA45A6A6CF3CF94FE065950956 175 ----a-w- C:\Windows\System32\drivers\aswSnx.sys.sum

    2013-07-26 10:42:30 3FFBEE694566CADB0A64D8A1ACD7DBCE 175 ----a-w- C:\Windows\System32\drivers\aswSP.sys.sum

    2013-07-26 10:42:30 22EA82FFE8CA4965C1994F24C35DC202 175 ----a-w- C:\Windows\System32\drivers\aswVmm.sys.sum

    ====== C:\Windows\Tasks ======

    2013-08-02 08:02:29 89B2680B9E67849F8E47C664858A2480 3148 ----a-w- C:\Windows\system32\Tasks\SidebarExecute

    2013-07-16 18:39:54 79245DBD010DD8E341D907FB3595CB59 868 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1008459428-2969111410-608844294-1001Core1ce8253dd6f9fa4.job

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-08-02 09:33:35 -------- d-----w- C:\Program Files\SpeedFan

    2013-08-02 07:48:00 -------- d-----w- C:\Program Files\Trend Micro

    ======= C: =====

    2013-08-12 19:25:37 9D473CF72D848EC7E816DE28F4F39FB5 2819 ----a-w- C:\AdwCleaner[s1].txt

    ====== C:\Users\Leerling\AppData\Roaming ======

    2013-08-02 09:37:29 8287D0E6DA60B6E9153D7EDC2C322097 6876 ----a-w- C:\users\Leerling\AppData\Locallow\SkwConfig.bin

    2013-08-02 09:33:37 -------- d-----w- C:\users\Leerling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan

    2013-07-26 10:16:24 -------- d-----w- C:\users\Leerling\AppData\Local\Programs

    ====== C:\Users\Leerling ======

    2013-08-12 19:24:30 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Users\Leerling\Desktop\adwcleaner.exe

    2013-08-08 19:37:19 -------- d-----w- C:\ProgramData\SecTaskMan

    2013-08-02 09:33:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan

    2013-08-02 09:26:43 4F9A1342BD43F5A6184088A6B6893062 2143832 ----a-w- C:\Users\Leerling\Desktop\instsf449.exe

    2013-08-02 09:15:52 C748C104BA13A9456496D264C4161E7C 4429440 ----a-w- C:\Users\Leerling\Downloads\ccsetup404.exe

    2013-08-02 08:18:53 34ADE8B19B3CA38DB005CC938BBD1326 6837560 ----a-w- C:\Users\Leerling\Downloads\NM34_x64.exe

    2013-08-02 08:15:46 35666C6A4F79B920215A00314DAEE5BE 8734520 ----a-w- C:\Users\Leerling\Downloads\NM34_ia64.exe

    2013-08-02 07:48:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted

    2013-08-02 07:44:24 -------- d-----w- C:\ProgramData\TEMP

    ====== C: exe-files ==

    === C: other files ==

    2013-08-08 09:35:49 AF879C2A9DBF8529E1F8169B8BAC643C 339544 ----a-w- C:\Windows\System32\drivers\NAV\1404000.028\symnets.sys

    2013-08-08 09:35:48 40D7124FB57EB208E3DD56A73545FB64 21400 ----a-r- C:\Windows\System32\drivers\NAV\1404000.028\symelam.sys

    2013-08-08 09:35:47 1773FB2920EBB3A8BAD0360618091470 934488 ----a-w- C:\Windows\System32\drivers\NAV\1404000.028\symefa.sys

    2013-08-08 09:35:46 5A193E5E0F0A776430E5D62A051C1E16 367704 ----a-w- C:\Windows\System32\drivers\NAV\1404000.028\symds.sys

    2013-08-08 09:35:45 FE9BD381778A344F0E39AE2D5E607D7F 32344 ----a-w- C:\Windows\System32\drivers\NAV\1404000.028\srtspx.sys

    2013-08-08 09:35:43 C743E384E9EFCA10B41C60D406DE39C0 603224 ----a-w- C:\Windows\System32\drivers\NAV\1404000.028\srtsp.sys

    2013-08-08 09:35:42 8C9B9036E301A9965CF15BEC91C58A12 175264 ----a-w- C:\Windows\System32\drivers\NAV\1404000.028\ironx86.sys

    2013-08-08 09:35:41 3BEE52611F22C9C0023A98A4425E084F 134744 ----a-w- C:\Windows\System32\drivers\NAV\1404000.028\ccsetx86.sys

    2013-08-08 09:00:22 1277AD8F053CC60C17CAFAB411F3CF40 134304 ----a-r- C:\Windows\System32\drivers\NST\7DD03000.01A\ccSetx86.sys

    2013-08-08 08:58:27 F50D81D3E0C7A353F205562B89CD06D6 142496 ----a-w- C:\Windows\System32\drivers\SYMEVENT.SYS

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-21-1008459428-2969111410-608844294-1001\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "Google Update"="C:\Users\Leerling\AppData\Local\Google\Update\GoogleUpdate.exe /c"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

    "LANDesk Antivirus"="C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe /systray"

    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "AcWin7Hlpr"="C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe"

    "LENOVO.TPKNRRES"="C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe"

    "TpShocks"="TpShocks.exe"

    "SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"

    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

    "IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"

    "Trend Micro RUBotted V2.0 Beta"="C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe"

    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "Google Update"="C:\Users\Leerling\AppData\Local\Google\Update\GoogleUpdate.exe /c"

    ==== Startup Folders ======================

    2013-04-26 09:54:59 890 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/12/2013 10:30 PM]

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/28/2013 11:26 PM]

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/28/2013 11:26 PM]

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1008459428-2969111410-608844294-1001Core1ce8253dd6f9fa4.job --a------ C:\Users\Leerling\AppData\Local\Google\Update\GoogleUpdate.exe [05/12/2013 10:19 PM]

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\Exts\Chrome.crx[02/14/2013 06:02 AM]

    YouTube - Leerling - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - Leerling - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Norton Identity Protection - Leerling - Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob

    Gmail - Leerling - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

    No DefaultScope Set For HKCU

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

    ==== Reset Google Chrome ======================

    C:\users\Leerling\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\users\Leerling\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    ==== HijackThis Entries ======================

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [LANDesk Antivirus] "C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe" /systray

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe

    O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

    O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

    O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Leerling\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Global Startup: Bluetooth.lnk = ?

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

    O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

    O23 - Service: LANDesk® Management Agent (CBA8) - Avocent Corporation - C:\Program Files\LANDesk\Shared Files\residentagent.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe

    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\localsch.exe

    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\system32\CBA\pds.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Inc. and its affiliates. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe

    O23 - Service: LANDesk® Antivirus protection powered by Kaspersky (kavehost) - Kaspersky Lab ZAO - C:\Program Files\LANDesk\LDClient\antivirus\kavehost.exe

    O23 - Service: LANDesk Policy Invoker - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe

    O23 - Service: LANDesk Targeted Multicast - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe

    O23 - Service: LANDesk® Antivirus (LDAVService) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe

    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

    O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe

    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

    O23 - Service: LANDesk® Process Trigger Service (ProcTrigger) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe

    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

    O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

    O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\softmon.exe

    O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe

    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

    O23 - Service: Weergave op scherm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

    O23 - Service: LANDesk® Power Management Track Service (tracksvc) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\tracksvc.exe

    ==== Empty IE Cache ======================

    C:\Users\administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Administrator.LEERLING\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Leerling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Leerling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\users\Leerling\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Leerling\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on Tue 08/13/2013 at 9:52:15.70 ======================

  6. We hadn't noticed anything anyway, apart from that one mail account. Things like SweetPacks and DealPly got on there through my own doing. They came along with a download using that stupid Softonic downloader. These days you have to look so carefully at what you click on when you download something.

    Do you have any idea which process/file was the cause? I saw that ImhxxpComm.dll is listed as a virus. But I also find that strange Chrome extension suspicious.

    I will connect the laptop to the internet for a while tomorrow then, and just hope that the spamming doesn't occur any more. I.e. that we are not cut off by the provider. I will also create an account for my daughter that doesn't have administrator rights; that should help somewhat too.

    In any case, many thanks already!

  7. Many thanks for the reply!

    I carried out everything as you said, and here are the logs.

    # AdwCleaner v2.306 - Verslag gemaakt op 12/08/2013 om 21:25:37

    # Geactualiseerd op 19/07/2013 door Xplode

    # Besturingssysteem : Windows 7 Enterprise Service Pack 1 (32 bits)

    # Gebruiker : Leerling - LEERLING

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Leerling\Desktop\adwcleaner.exe

    # Optie [Verwijderen]

    ***** [Diensten] *****

    ***** [Files / Mappen] *****

    File Verwijderd : C:\Windows\system32\dmwu.exe

    File Verwijderd : C:\Windows\system32\ImhxxpComm.dll

    Map Verwijderd : C:\ProgramData\Babylon

    Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

    Map Verwijderd : C:\Users\Leerling\AppData\Roaming\BabSolution

    Map Verwijderd : C:\Users\Leerling\AppData\Roaming\Babylon

    ***** [Register] *****

    Sleutel Verwijderd : HKCU\Software\DataMngr

    Sleutel Verwijderd : HKCU\Software\IM

    Sleutel Verwijderd : HKCU\Software\ImInstaller

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

    Sleutel Verwijderd : HKCU\Software\Softonic

    Sleutel Verwijderd : HKCU\Software\WNLT

    Sleutel Verwijderd : HKLM\SOFTWARE\5d558bdeb639e544

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap

    Sleutel Verwijderd : HKLM\Software\DataMngr

    Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

    Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    Sleutel Verwijderd : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Waarde Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [smart Driver Updater]

    ***** [browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v28.0.1500.95

    File : C:\Users\Leerling\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Verwijderd [l.30] : icon_url = "hxxp://www.delta-search.com/favicon.ico",

    Verwijderd [l.33] : keyword = "delta-search.com",

    Verwijderd [l.37] : search_url = "hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CE770F1A106D[...]

    Verwijderd [l.2180] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6CE770F1A106DB85&affID=122920&tsp=[...]

    *************************

    AdwCleaner[s1].txt - [2690 octets] - [12/08/2013 21:25:37]

    ########## EOF - C:\AdwCleaner[s1].txt - [2750 octets] ##########

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:40:32 PM, on 8/12/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16635)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

    C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe

    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

    C:\Program Files\LANDesk\LDClient\Antivirus\LDAV.exe

    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\System32\TpShocks.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Users\Leerling\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

    C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe

    C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

    C:\Users\Leerling\Desktop\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [LANDesk Antivirus] "C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe" /systray

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe

    O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

    O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

    O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Leerling\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Global Startup: Bluetooth.lnk = ?

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

    O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

    O23 - Service: LANDesk® Management Agent (CBA8) - Avocent Corporation - C:\Program Files\LANDesk\Shared Files\residentagent.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe

    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\localsch.exe

    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\system32\CBA\pds.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Inc. and its affiliates. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe

    O23 - Service: LANDesk® Antivirus protection powered by Kaspersky (kavehost) - Kaspersky Lab ZAO - C:\Program Files\LANDesk\LDClient\antivirus\kavehost.exe

    O23 - Service: LANDesk Policy Invoker - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe

    O23 - Service: LANDesk Targeted Multicast - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe

    O23 - Service: LANDesk® Antivirus (LDAVService) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe

    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

    O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe

    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

    O23 - Service: LANDesk® Process Trigger Service (ProcTrigger) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe

    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

    O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

    O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\softmon.exe

    O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe

    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

    O23 - Service: Weergave op scherm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

    O23 - Service: LANDesk® Power Management Track Service (tracksvc) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\tracksvc.exe

    --

    End of file - 11728 bytes

  8. Hello,

    My daughter's school laptop turns out to be sending spam. We found this out because our provider placed us in quarantine. Probably via the school's Gmail (the school has its domain with Gmail). The problems started 2 days after the password of that account had been changed without my daughter's involvement.

    The laptop was protected with Kaspersky (via LANDesk), but scans with Malwarebytes Anti-Malware, Avast and Norton found nothing. MBAM and Avast were also run once in safe mode.

    So there must still be something there. I also just found out that my daughter has administrator rights on her student account. That is surely a mistake by the school.

    Below is the HijackThis log, which I made without being connected to the internet.

    I hope someone can help me. The school is still closed, so we can't turn to them.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 5:46:38 PM, on 8/12/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16635)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

    C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe

    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

    C:\Program Files\LANDesk\LDClient\Antivirus\LDAV.exe

    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\System32\TpShocks.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Users\Leerling\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

    C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe

    C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

    C:\Windows\system32\taskmgr.exe

    D:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10061&barid={ED99B2DA-FB56-11E2-A1EF-C417FEF0E674}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [LANDesk Antivirus] "C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe" /systray

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe

    O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

    O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

    O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Leerling\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [smart Driver Updater] C:\Program Files\Smart Driver Updater\SDULauncher.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Global Startup: Bluetooth.lnk = ?

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

    O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

    O23 - Service: LANDesk® Management Agent (CBA8) - Avocent Corporation - C:\Program Files\LANDesk\Shared Files\residentagent.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe

    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\localsch.exe

    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\system32\CBA\pds.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Inc. and its affiliates. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe

    O23 - Service: LANDesk® Antivirus protection powered by Kaspersky (kavehost) - Kaspersky Lab ZAO - C:\Program Files\LANDesk\LDClient\antivirus\kavehost.exe

    O23 - Service: LANDesk Policy Invoker - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe

    O23 - Service: LANDesk Targeted Multicast - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe

    O23 - Service: LANDesk® Antivirus (LDAVService) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe

    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

    O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe

    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

    O23 - Service: LANDesk® Process Trigger Service (ProcTrigger) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe

    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

    O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

    O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\softmon.exe

    O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe

    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

    O23 - Service: Weergave op scherm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

    O23 - Service: LANDesk® Power Management Track Service (tracksvc) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\tracksvc.exe

    --

    End of file - 11935 bytes

  9. It all worked. Thank you very much for the clear and quick help! :top:

    Unfortunately, it turned out yesterday that one of my husband's sites had been hacked as well. That's when I found out that my FTP credentials were also stored on that PC, in FileZilla. I must have worked on it at some point. So it's not inconceivable that the FTP credentials weren't leaked from my laptop at all; my husband is very sloppy about installing updates and regularly picks up infections. :hmpf:

    So I'll have to take a good look at that PC too. But I'll close this post as solved!

  10. Silly me, I was looking at the bottom of page 1. With all the logs I can't see the posts any more, and vice versa... :-)

    Only that "server is bezet" ("server is busy") message, which I also mentioned in my first post, showed up once again today. Other than that I haven't noticed anything yet, but then I hadn't noticed anything of Gumblar either until my site turned out to be hacked.

    Is there anything else I need to do now?

    And once we're done, I'd like to know how I can prevent this in the future. Would it make sense, for example, to run ComboFix or AdwCleaner once a week? I thought I was well protected with MBAM and Avast...

  11. Here are the requested logs, after carrying out your instructions.

    Are we actually still busy removing that Gumblar virus, or were there all sorts of other problems I didn't even know about?

    # AdwCleaner v2.101 - Verslag gemaakt op 19/12/2012 om 16:03:56

    # Geactualiseerd op 16/12/2012 door Xplode

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)

    # Gebruiker : Philippine - LAPTOP-HP

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Philippine\Desktop\adwcleaner.exe

    # Optie [Verwijderen]

    ***** [Diensten] *****

    ***** [Files / Mappen] *****

    Map Verwijdert : C:\Program Files\Conduit

    Map Verwijdert : C:\Program Files\DVDVideoSoftTB

    Map Verwijdert : C:\Program Files\Free Offers from Freeze.com

    Map Verwijdert : C:\Users\Philippine\AppData\Local\Conduit

    Map Verwijdert : C:\Users\Philippine\AppData\LocalLow\Conduit

    Map Verwijdert : C:\Users\Philippine\AppData\LocalLow\DVDVideoSoftTB

    Map Verwijdert : C:\Users\Philippine\AppData\LocalLow\pdfforge

    Map Verwijdert : C:\Users\Philippine\AppData\LocalLow\PriceGong

    Map Verwijdert : C:\Users\Philippine\AppData\LocalLow\Search Settings

    Map Verwijdert : C:\Users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\ConduitCommon

    Map Verwijdert : C:\Users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\CT2269050

    Map Verwijdert : C:\Users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\pdfforge

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PriceGong

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Search Settings

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Toolbar

    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    Sleutel Verwijdert : HKCU\Software\pdfforge

    Sleutel Verwijdert : HKCU\Software\Search Settings

    Sleutel Verwijdert : HKCU\Software\Softonic

    Sleutel Verwijdert : HKLM\Software\Application Updater

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

    Sleutel Verwijdert : HKLM\Software\Conduit

    Sleutel Verwijdert : HKLM\Software\DVDVideoSoftTB

    Sleutel Verwijdert : HKLM\Software\Freeze.com

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73AE2DA1-AA2F-4FF7-80C0-5C3706AA2B5B}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82E82EFE-C08A-4D94-87D3-11AE62849B59}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

    Sleutel Verwijdert : HKLM\Software\pdfforge

    Sleutel Verwijdert : HKLM\Software\Search Settings

    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

    ***** [browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v14.0.1 (nl)

    Profielnaam : default

    File : C:\Users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\prefs.js

    Verwijdert : user_pref("CT2269050..clientLogIsEnabled", true);

    Verwijdert : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

    Verwijdert : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

    Verwijdert : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

    Verwijdert : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

    Verwijdert : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);

    Verwijdert : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);

    Verwijdert : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);

    Verwijdert : user_pref("CT2269050.CTID", "CT2269050");

    Verwijdert : user_pref("CT2269050.CurrentServerDate", "15-12-2012");

    Verwijdert : user_pref("CT2269050.DSInstall", false);

    Verwijdert : user_pref("CT2269050.DialogsAlignMode", "LTR");

    Verwijdert : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sat Dec 15 2012 12:04:40 GMT+0100");

    Verwijdert : user_pref("CT2269050.DownloadReferralCookieData", "");

    Verwijdert : user_pref("CT2269050.EMailNotifierPollDate", "Mon Apr 16 2012 21:22:50 GMT+0200");

    Verwijdert : user_pref("CT2269050.FirstServerDate", "16-4-2012");

    Verwijdert : user_pref("CT2269050.FirstTime", true);

    Verwijdert : user_pref("CT2269050.FirstTimeFF3", true);

    Verwijdert : user_pref("CT2269050.FixPageNotFoundErrors", true);

    Verwijdert : user_pref("CT2269050.GroupingServerCheckInterval", 1440);

    Verwijdert : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

    Verwijdert : user_pref("CT2269050.HPInstall", false);

    Verwijdert : user_pref("CT2269050.HasUserGlobalKeys", true);

    Verwijdert : user_pref("CT2269050.Initialize", true);

    Verwijdert : user_pref("CT2269050.InitializeCommonPrefs", true);

    Verwijdert : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);

    Verwijdert : user_pref("CT2269050.InstallationType", "UnknownIntegration");

    Verwijdert : user_pref("CT2269050.InstalledDate", "Mon Apr 16 2012 16:52:46 GMT+0200");

    Verwijdert : user_pref("CT2269050.InvalidateCache", false);

    Verwijdert : user_pref("CT2269050.IsGrouping", false);

    Verwijdert : user_pref("CT2269050.IsInitSetupIni", true);

    Verwijdert : user_pref("CT2269050.IsMulticommunity", false);

    Verwijdert : user_pref("CT2269050.IsOpenThankYouPage", false);

    Verwijdert : user_pref("CT2269050.IsOpenUninstallPage", false);

    Verwijdert : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Dec 15 2012 12:04:40 GMT+0100");

    Verwijdert : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);

    Verwijdert : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

    Verwijdert : user_pref("CT2269050.LastLogin_3.10.0.1", "Mon Apr 16 2012 20:52:47 GMT+0200");

    Verwijdert : user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 19:29:11 GMT+0200");

    Verwijdert : user_pref("CT2269050.LastLogin_3.12.2.3", "Tue Jun 12 2012 19:46:39 GMT+0200");

    Verwijdert : user_pref("CT2269050.LastLogin_3.13.0.6", "Mon Aug 20 2012 15:10:37 GMT+0200");

    Verwijdert : user_pref("CT2269050.LastLogin_3.14.1.0", "Sat Sep 15 2012 20:01:20 GMT+0200");

    Verwijdert : user_pref("CT2269050.LastLogin_3.15.1.0", "Sat Dec 15 2012 12:04:39 GMT+0100");

    Verwijdert : user_pref("CT2269050.LatestVersion", "3.15.1.0");

    Verwijdert : user_pref("CT2269050.Locale", "en");

    Verwijdert : user_pref("CT2269050.MCDetectTooltipHeight", "83");

    Verwijdert : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

    Verwijdert : user_pref("CT2269050.MCDetectTooltipWidth", "295");

    Verwijdert : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);

    Verwijdert : user_pref("CT2269050.OriginalFirstVersion", "3.10.0.1");

    Verwijdert : user_pref("CT2269050.RadioIsPodcast", false);

    Verwijdert : user_pref("CT2269050.RadioLastCheckTime", "Mon Apr 16 2012 16:52:47 GMT+0200");

    Verwijdert : user_pref("CT2269050.RadioLastUpdateIPServer", "3");

    Verwijdert : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");

    Verwijdert : user_pref("CT2269050.RadioMediaID", "12473383");

    Verwijdert : user_pref("CT2269050.RadioMediaType", "Media Player");

    Verwijdert : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");

    Verwijdert : user_pref("CT2269050.RadioShrinkedFromSetup", false);

    Verwijdert : user_pref("CT2269050.RadioStationName", "Hotmix%20108");

    Verwijdert : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");

    Verwijdert : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");

    Verwijdert : user_pref("CT2269050.SearchFromAddressBarIsInit", true);

    Verwijdert : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]

    Verwijdert : user_pref("CT2269050.SearchInNewTabEnabled", true);

    Verwijdert : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);

    Verwijdert : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Dec 15 2012 12:04:38 GMT+0100");

    Verwijdert : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

    Verwijdert : user_pref("CT2269050.SendProtectorDataViaLogin", true);

    Verwijdert : user_pref("CT2269050.ServiceMapLastCheckTime", "Sat Dec 15 2012 12:04:39 GMT+0100");

    Verwijdert : user_pref("CT2269050.SettingsLastCheckTime", "Sat Dec 15 2012 12:04:38 GMT+0100");

    Verwijdert : user_pref("CT2269050.SettingsLastUpdate", "1355392312");

    Verwijdert : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");

    Verwijdert : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);

    Verwijdert : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Apr 16 2012 16:52:45 GMT+0200");

    Verwijdert : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");

    Verwijdert : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);

    Verwijdert : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");

    Verwijdert : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

    Verwijdert : user_pref("CT2269050.UserID", "UN89500118783620319");

    Verwijdert : user_pref("CT2269050.WeatherNetwork", "");

    Verwijdert : user_pref("CT2269050.WeatherPollDate", "Mon Apr 16 2012 21:22:52 GMT+0200");

    Verwijdert : user_pref("CT2269050.WeatherUnit", "C");

    Verwijdert : user_pref("CT2269050.alertChannelId", "666138");

    Verwijdert : user_pref("CT2269050.autoDisableScopes", -1);

    Verwijdert : user_pref("CT2269050.backendstorage.cbcountry_000", "4E4C");

    Verwijdert : user_pref("CT2269050.backendstorage.cbfirsttime", "4D6F6E2041707220313620323031322031363A35323A35322[...]

    Verwijdert : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "5361742041707220323120323031322031363A[...]

    Verwijdert : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6E65746865726C616E6473");

    Verwijdert : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

    Verwijdert : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Mon Apr 16 2012 16:52:47 GMT+0200");

    Verwijdert : user_pref("CT2269050.homepageProtectorEnableByLogin", true);

    Verwijdert : user_pref("CT2269050.initDone", true);

    Verwijdert : user_pref("CT2269050.isAppTrackingManagerOn", true);

    Verwijdert : user_pref("CT2269050.isFirstRadioInstallation", false);

    Verwijdert : user_pref("CT2269050.myStuffEnabled", true);

    Verwijdert : user_pref("CT2269050.myStuffPublihserMinWidth", 400);

    Verwijdert : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

    Verwijdert : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);

    Verwijdert : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

    Verwijdert : user_pref("CT2269050.navigateToUrlOnSearch", false);

    Verwijdert : user_pref("CT2269050.revertSettingsEnabled", true);

    Verwijdert : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);

    Verwijdert : user_pref("CT2269050.searchProtectorEnableByLogin", true);

    Verwijdert : user_pref("CT2269050.testingCtid", "");

    Verwijdert : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sat Dec 15 2012 12:04:39 GMT+0100");

    Verwijdert : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Mon Apr 16 2012 16:52:49 GMT+0200");

    Verwijdert : user_pref("CT2269050.usagesFlag", 2);

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/NL", "\"0\"")[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]

    Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"daf[...]

    Verwijdert : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Philippine\\AppData\\Roaming\\Mozil[...]

    Verwijdert : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");

    Verwijdert : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

    Verwijdert : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");

    Verwijdert : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");

    Verwijdert : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");

    Verwijdert : user_pref("CommunityToolbar.globalUserId", "6ab924b4-65c3-47a6-a341-c99b1927164c");

    Verwijdert : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

    Verwijdert : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

    Verwijdert : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");

    Verwijdert : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Apr 16 2012 16:52:4[...]

    Verwijdert : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

    Verwijdert : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Apr 16 2012 17:52:57 GMT+020[...]

    Verwijdert : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

    Verwijdert : user_pref("CommunityToolbar.notifications.locale", "en");

    Verwijdert : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

    Verwijdert : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Apr 16 2012 16:52:45 GMT+0200");

    Verwijdert : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

    Verwijdert : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

    Verwijdert : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

    Verwijdert : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

    Verwijdert : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

    Verwijdert : user_pref("CommunityToolbar.notifications.userId", "d5457996-110c-4b44-8d63-bed8243ed1d6");

    Verwijdert : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.nl/");

    Verwijdert : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo");

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Philippine\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    File : C:\Users\vermaatjes\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[s1].txt - [16829 octets] - [19/12/2012 16:03:56]

    ########## EOF - C:\AdwCleaner[s1].txt - [16890 octets] ##########

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:12:03, on 19-12-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\Bluetooth Suite\BtvStack.exe

    C:\Program Files\Bluetooth Suite\AthBtTray.exe

    C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe

    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

    C:\Users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Mozilla Thunderbird\thunderbird.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\CyberLink\YouCam\YCMMirage.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Users\Philippine\Desktop\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Special Forces

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"

    O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"

    O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    O4 - HKLM\..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

    O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    O4 - HKCU\..\Run: [googletalk] C:\Users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - Startup: Dropbox.lnk = Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe

    O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)

    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe

    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exe

    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe

    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe

    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --

    End of file - 12047 bytes

  12. It was indeed completely jumbled after I uploaded the reply. Here it is once more; it seems to look right now. If not, I will try the Notepad method. Sorry!

    ComboFix 12-12-17.02 - Philippine 19-12-2012 10:13:40.2.2 - x86

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3579.1921 [GMT 1:00]

    Gestart vanuit: c:\users\Philippine\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Philippine\Desktop\CFScript.txt

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    "c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE"

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\Application Updater

    c:\program files\Application Updater\ApplicationUpdater.exe

    c:\program files\Application Updater\config.ini

    c:\program files\Common Files\Spigot

    c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml

    c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml

    c:\program files\Common Files\Spigot\Search Settings\config.ini

    c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini

    c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini

    c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini

    c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini

    c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini

    c:\program files\Common Files\Spigot\Search Settings\searchcom_ff.xml

    c:\program files\Common Files\Spigot\Search Settings\searchcom_ie.xml

    c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

    c:\program files\Common Files\Spigot\Search Settings\SearchSettings64.exe

    c:\program files\Common Files\Spigot\Search Settings\wth156.dll

    c:\program files\Common Files\Spigot\Search Settings\wthx156.dll

    c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml

    c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml

    c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml

    c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml

    c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest

    c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.js

    c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.xul

    c:\program files\Common Files\Spigot\wtxpcom\chrome\content\shared.jsm

    c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest

    c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt

    c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt

    c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.18

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.19

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8

    c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9

    c:\program files\Common Files\Spigot\wtxpcom\install.rdf

    c:\program files\pdfforge Toolbar

    c:\program files\pdfforge Toolbar\FF\chrome.manifest

    c:\program files\pdfforge Toolbar\FF\chrome\chrome.jar

    c:\program files\pdfforge Toolbar\FF\install.rdf

    c:\program files\pdfforge Toolbar\IE\6.6\config.ini

    c:\program files\pdfforge Toolbar\Res\amazon.gif

    c:\program files\pdfforge Toolbar\Res\ebay.gif

    c:\program files\pdfforge Toolbar\Res\facebook.gif

    c:\program files\pdfforge Toolbar\Res\googleplus.gif

    c:\program files\pdfforge Toolbar\Res\icon_settings.gif

    c:\program files\pdfforge Toolbar\Res\Lang\res1031.ini

    c:\program files\pdfforge Toolbar\Res\Lang\res1033.ini

    c:\program files\pdfforge Toolbar\Res\Lang\res1034.ini

    c:\program files\pdfforge Toolbar\Res\Lang\res1036.ini

    c:\program files\pdfforge Toolbar\Res\Lang\res1040.ini

    c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif

    c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif

    c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif

    c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif

    c:\program files\pdfforge Toolbar\Res\radio-close.gif

    c:\program files\pdfforge Toolbar\Res\radio-minimize.gif

    c:\program files\pdfforge Toolbar\Res\radiobeta.gif

    c:\program files\pdfforge Toolbar\Res\search-button-hover.gif

    c:\program files\pdfforge Toolbar\Res\search-button.gif

    c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif

    c:\program files\pdfforge Toolbar\Res\search-chevron.gif

    c:\program files\pdfforge Toolbar\Res\search_amazon.gif

    c:\program files\pdfforge Toolbar\Res\search_baidu.gif

    c:\program files\pdfforge Toolbar\Res\search_ebay.gif

    c:\program files\pdfforge Toolbar\Res\search_yahoo.gif

    c:\program files\pdfforge Toolbar\Res\search_yandex.gif

    c:\program files\pdfforge Toolbar\Res\twitter.gif

    c:\program files\pdfforge Toolbar\Res\widgets.xml

    c:\program files\pdfforge Toolbar\WidgiHelper.exe

    c:\users\PHILIP~1\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

    c:\users\Philippine\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-11-19 to 2012-12-19 ))))))))))))))))))))))))))))))

    .

    .

    2012-12-19 09:29 . 2012-12-19 09:29 -------- d-----w- c:\users\vermaatjes\AppData\Local\temp

    2012-12-19 09:29 . 2012-12-19 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-19 07:14 . 2012-12-19 07:14 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38EF86E6-D6DB-468E-AD44-82AE33302ABA}\offreg.dll

    2012-12-19 06:36 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38EF86E6-D6DB-468E-AD44-82AE33302ABA}\mpengine.dll

    2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee Security Scan

    2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee

    2012-12-18 14:30 . 2012-12-18 15:08 -------- d-----w- c:\program files\McAfee Security Scan

    2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iPod

    2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iTunes

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

    2012-12-17 06:37 . 2012-12-17 06:38 -------- d-----w- c:\program files\QuickTime

    2012-12-12 09:40 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

    2012-12-07 10:00 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-12-07 09:58 . 2012-12-07 09:58 -------- d-----w- c:\program files\Bonjour

    2012-11-22 08:24 . 2012-11-22 08:24 8795216 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

    2012-11-20 21:58 . 2012-11-21 06:39 -------- d-----w- c:\program files\Mozilla Thunderbird

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-12 16:21 . 2012-04-10 05:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-12 16:21 . 2011-08-27 14:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-30 22:51 . 2012-03-14 09:32 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-30 22:51 . 2012-03-14 09:32 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-30 22:51 . 2012-03-14 09:32 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-30 22:51 . 2012-03-14 09:32 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-10-30 22:51 . 2012-03-14 09:32 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-30 22:51 . 2012-01-31 19:34 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-30 22:50 . 2012-03-14 09:31 227648 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2012-10-16 07:39 . 2012-11-28 06:38 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-15 16:59 . 2012-03-14 09:32 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2012-10-09 17:40 . 2012-11-16 06:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-10-09 17:40 . 2012-11-16 06:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-10-03 16:58 . 2012-11-16 06:33 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-10-03 16:42 . 2012-11-16 06:33 242176 ----a-w- c:\windows\system32\nlasvc.dll

    2012-10-03 16:42 . 2012-11-16 06:33 52224 ----a-w- c:\windows\system32\nlaapi.dll

    2012-10-03 16:42 . 2012-11-16 06:33 175104 ----a-w- c:\windows\system32\netcorehc.dll

    2012-10-03 16:42 . 2012-11-16 06:33 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-10-03 16:42 . 2012-11-16 06:33 156672 ----a-w- c:\windows\system32\ncsi.dll

    2012-10-03 16:40 . 2012-11-16 06:33 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-10-03 15:21 . 2012-11-16 06:33 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-09-29 18:54 . 2012-03-14 08:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-28 09:32 . 2012-09-28 09:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

    2012-09-28 09:32 . 2012-09-28 09:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

    2012-09-25 22:47 . 2012-11-16 06:33 78336 ----a-w- c:\windows\system32\synceng.dll

    2012-09-24 14:38 . 2011-12-02 15:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]

    "googletalk"="c:\users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-06-21 2274600]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-07-01 1138780]

    "AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-07-05 822944]

    "AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-07-05 691872]

    "HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-07-16 169528]

    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]

    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 37432]

    "HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]

    "HP CoolSense"="c:\program files\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]

    "Easybits Recovery"="c:\program files\EasyBits For Kids\ezRecover.exe" [2011-07-15 61112]

    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

    .

    c:\users\Philippine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352]

    Google Chrome.lnk - c:\program files\Google\Chrome\Application\chrome.exe [2012-3-14 1242728]

    Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2012-11-20 388576]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "HideFastUserSwitching"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "EnableShellExecuteHooks"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    .

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

    R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

    R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]

    S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]

    S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

    S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]

    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]

    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]

    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

    S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]

    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

    .

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 17:06]

    .

    2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:21]

    .

    2012-12-18 c:\windows\Tasks\Allway Sync_{48127895C698996A45B959036C9811A2}.job

    - c:\program files\Allway Sync\Bin\syncappw.exe [2011-12-09 12:00]

    .

    2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32]

    .

    2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32]

    .

    2012-12-16 c:\windows\Tasks\HPCeeScheduleForPhilippine.job

    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.airsoftteam-specialforces.nl/

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.2.254

    FF - ProfilePath - c:\users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

    FF - prefs.js: network.proxy.type - 0

    FF - ExtSQL: 2012-11-14 17:52; wtxpcom@mybrowserbar.com; c:\program files\Common Files\Spigot\wtxpcom

    FF - ExtSQL: 2012-11-14 17:52; pdfforge@mybrowserbar.com; c:\program files\pdfforge Toolbar\FF

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(4064)

    c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files\IDT\WDM\STacSV.exe

    c:\windows\system32\atieclxx.exe

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\WLANExt.exe

    c:\windows\system32\conhost.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Allway Sync\Bin\SyncService.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\servicing\TrustedInstaller.exe

    c:\windows\System32\WUDFHost.exe

    c:\windows\system32\taskhost.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\sppsvc.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\CyberLink\YouCam\YCMMirage.exe

    c:\windows\system32\DllHost.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-12-19 10:38:17 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-12-19 09:38

    ComboFix2.txt 2012-12-18 21:09

    .

    Pre-Run: 219.912.073.216 bytes beschikbaar

    Post-Run: 219.870.289.920 bytes beschikbaar

    .

    - - End Of File - - C06C8463094BD5891E61712B2450B1F8

  13. OK, done. Here are the logs:
21432].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-06-21 2274600]"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-07-01 1138780]"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-07-05 822944]"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-07-05 691872]"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-07-16 169528]"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 37432]"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]"HP CoolSense"="c:\program files\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]"Easybits Recovery"="c:\program files\EasyBits For Kids\ezRecover.exe" [2011-07-15 61112]"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896].c:\users\Philippine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352]Google Chrome.lnk - c:\program 
files\Google\Chrome\Application\chrome.exe [2012-3-14 1242728]Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2012-11-20 388576].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"HideFastUserSwitching"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"EnableShellExecuteHooks"= 1 (0x1).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service".R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]R3 ss_bmdfl;SAMSUNG 
USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]S2 HP Support 
Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]..Inhoud van de 'Gedeelde Taken' map.2012-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 17:06].2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:21].2012-12-18 c:\windows\Tasks\Allway Sync_{48127895C698996A45B959036C9811A2}.job- c:\program files\Allway Sync\Bin\syncappw.exe [2011-12-09 12:00].2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32].2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32].2012-12-16 c:\windows\Tasks\HPCeeScheduleForPhilippine.job- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]..------- Bijkomende Scan -------.uStart Page = hxxp://www.airsoftteam-specialforces.nl/uInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.2.254FF - ProfilePath - c:\users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/FF - prefs.js: network.proxy.type - 0FF - ExtSQL: 2012-11-14 17:52; wtxpcom@mybrowserbar.com; c:\program files\Common Files\Spigot\wtxpcomFF - ExtSQL: 2012-11-14 17:52; pdfforge@mybrowserbar.com; c:\program files\pdfforge Toolbar\FF..--------------------- VERGRENDELDE REGISTER SLEUTELS 
---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).--------------------- DLLs Geladen Onder Lopende Processen ---------------------.- - - - - - - > 'Explorer.exe'(4064)c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.------------------------ Andere Aktieve Processen ------------------------.c:\program files\IDT\WDM\STacSV.exec:\windows\system32\atieclxx.exec:\program files\AVAST Software\Avast\AvastSvc.exec:\windows\system32\WLANExt.exec:\windows\system32\conhost.exec:\program files\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Allway Sync\Bin\SyncService.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\windows\servicing\TrustedInstaller.exec:\windows\System32\WUDFHost.exec:\windows\system32\taskhost.exec:\program files\Malwarebytes' Anti-Malware\mbamgui.exec:\windows\system32\conhost.exec:\windows\system32\sppsvc.exec:\program files\Windows Media Player\wmpnetwk.exec:\program files\CyberLink\YouCam\YCMMirage.exec:\windows\system32\DllHost.exe.**************************************************************************.Voltooingstijd: 2012-12-19 10:38:17 - machine werd herstartComboFix-quarantined-files.txt 2012-12-19 09:38ComboFix2.txt 2012-12-18 21:09.Pre-Run: 219.912.073.216 bytes beschikbaarPost-Run: 219.870.289.920 bytes 
beschikbaar.- - End Of File - - C06C8463094BD5891E61712B2450B1F8Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:43:11, on 19-12-2012Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16457)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\taskeng.exeC:\Program Files\CyberLink\YouCam\YCMMirage.exeC:\Windows\Explorer.exeC:\Windows\system32\notepad.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Users\Philippine\Desktop\HijackThis.exeC:\Windows\system32\SearchFilterHost.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.airsoftteam-specialforces.nl/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllO2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllO2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllO3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exeO4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeO4 - HKLM\..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exeO4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exeO4 - HKLM\..\Run: [HP CoolSense] C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeyO4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exeO4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeO4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguiO4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exeO4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple 
Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"O4 - HKCU\..\Run: [googletalk] C:\Users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostartO4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeO4 - Startup: Dropbox.lnk = Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exeO4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exeO4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exeO4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exeO9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - 
C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exeO23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exeO23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exeO23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exeO23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exeO23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exeO23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exeO23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exeO23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exeO23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exeO23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeO23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exeO23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exeO23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exeO23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeO23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exeO23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe--End of file - 10669 bytes

  14. It took some doing; installing and running ComboFix in particular went wrong quite often. But in the end it did run all the way through. Here is the ComboFix log:

    ComboFix 12-12-17.02 - Philippine 18-12-2012 21:44:16.1.2 - x86

    Gestart vanuit: c:\users\Philippine\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\PHILIP~1\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

    c:\users\Philippine\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

    c:\users\Philippine\AppData\Local\TempDIR

    c:\users\vermaatjes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

    c:\windows\system32\muzapp.exe

    c:\windows\system32\System32\MASetupCleaner.exe

    c:\windows\system32\System32\muzapp.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))))

    .

    .

    2012-12-18 15:47 . 2012-12-18 15:47 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C03EEA4-556B-4E2B-97B3-6DFE92EC9CDD}\offreg.dll

    2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee Security Scan

    2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee

    2012-12-18 14:30 . 2012-12-18 15:08 -------- d-----w- c:\program files\McAfee Security Scan

    2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iPod

    2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iTunes

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

    2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

    2012-12-17 06:37 . 2012-12-17 06:38 -------- d-----w- c:\program files\QuickTime

    2012-12-14 06:32 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C03EEA4-556B-4E2B-97B3-6DFE92EC9CDD}\mpengine.dll

    2012-12-12 09:40 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

    2012-12-07 10:00 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-12-07 09:58 . 2012-12-07 09:58 -------- d-----w- c:\program files\Bonjour

    2012-12-04 20:39 . 2012-12-04 20:39 -------- d-----w- c:\program files\Application Updater

    2012-12-04 20:39 . 2012-12-04 20:39 -------- d-----w- c:\program files\pdfforge Toolbar

    2012-12-04 20:39 . 2012-12-04 20:39 -------- d-----w- c:\program files\Common Files\Spigot

    2012-11-22 08:24 . 2012-11-22 08:24 8795216 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

    2012-11-20 21:58 . 2012-11-21 06:39 -------- d-----w- c:\program files\Mozilla Thunderbird

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-12 16:21 . 2012-04-10 05:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-12 16:21 . 2011-08-27 14:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-30 22:51 . 2012-03-14 09:32 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-30 22:51 . 2012-03-14 09:32 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-30 22:51 . 2012-03-14 09:32 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-30 22:51 . 2012-03-14 09:32 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-10-30 22:51 . 2012-03-14 09:32 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-30 22:51 . 2012-01-31 19:34 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-30 22:50 . 2012-03-14 09:31 227648 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2012-10-16 07:39 . 2012-11-28 06:38 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-15 16:59 . 2012-03-14 09:32 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2012-10-09 17:40 . 2012-11-16 06:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-10-09 17:40 . 2012-11-16 06:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-10-03 16:58 . 2012-11-16 06:33 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-10-03 16:42 . 2012-11-16 06:33 242176 ----a-w- c:\windows\system32\nlasvc.dll

    2012-10-03 16:42 . 2012-11-16 06:33 52224 ----a-w- c:\windows\system32\nlaapi.dll

    2012-10-03 16:42 . 2012-11-16 06:33 175104 ----a-w- c:\windows\system32\netcorehc.dll

    2012-10-03 16:42 . 2012-11-16 06:33 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-10-03 16:42 . 2012-11-16 06:33 156672 ----a-w- c:\windows\system32\ncsi.dll

    2012-10-03 16:40 . 2012-11-16 06:33 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-10-03 15:21 . 2012-11-16 06:33 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-09-29 18:54 . 2012-03-14 08:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-28 09:32 . 2012-09-28 09:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

    2012-09-28 09:32 . 2012-09-28 09:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

    2012-09-25 22:47 . 2012-11-16 06:33 78336 ----a-w- c:\windows\system32\synceng.dll

    2012-09-24 14:38 . 2011-12-02 15:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]

    "googletalk"="c:\users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-06-21 2274600]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-07-01 1138780]

    "AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-07-05 822944]

    "AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-07-05 691872]

    "HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-07-16 169528]

    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]

    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 37432]

    "HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]

    "HP CoolSense"="c:\program files\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]

    "Easybits Recovery"="c:\program files\EasyBits For Kids\ezRecover.exe" [2011-07-15 61112]

    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

    .

    c:\users\Philippine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352]

    Google Chrome.lnk - c:\program files\Google\Chrome\Application\chrome.exe [2012-3-14 1242728]

    Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2012-11-20 388576]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "HideFastUserSwitching"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "EnableShellExecuteHooks"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    .

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

    R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

    R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]

    S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]

    S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

    S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]

    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]

    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]

    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

    S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]

    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 17:06]

    .

    2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:21]

    .

    2012-12-18 c:\windows\Tasks\Allway Sync_{48127895C698996A45B959036C9811A2}.job

    - c:\program files\Allway Sync\Bin\syncappw.exe [2011-12-09 12:00]

    .

    2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32]

    .

    2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32]

    .

    2012-12-16 c:\windows\Tasks\HPCeeScheduleForPhilippine.job

    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.airsoftteam-specialforces.nl/

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.2.254

    FF - ProfilePath - c:\users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=

    FF - prefs.js: network.proxy.type - 0

    FF - ExtSQL: 2012-11-14 17:52; wtxpcom@mybrowserbar.com; c:\program files\Common Files\Spigot\wtxpcom

    FF - ExtSQL: 2012-11-14 17:52; pdfforge@mybrowserbar.com; c:\program files\pdfforge Toolbar\FF

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

    HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe

    HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe

    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(1744)

    c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files\IDT\WDM\STacSV.exe

    c:\windows\system32\atieclxx.exe

    c:\windows\system32\WLANExt.exe

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\conhost.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Allway Sync\Bin\SyncService.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\taskhost.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\windows\servicing\TrustedInstaller.exe

    c:\windows\System32\WUDFHost.exe

    c:\windows\system32\conhost.exe

    c:\program files\CyberLink\YouCam\YCMMirage.exe

    c:\windows\system32\DllHost.exe

    c:\windows\system32\sppsvc.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\windows\system32\taskhost.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-12-18 22:09:56 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-12-18 21:09

    .

    Pre-Run: 220.107.788.288 bytes beschikbaar

    Post-Run: 220.401.799.168 bytes beschikbaar

    .

    - - End Of File - - 67A7302B8EC40EA214FBC33B32C5F573

    Here comes the hijack log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:14:20, on 18-12-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\CyberLink\YouCam\YCMMirage.exe

    C:\Windows\Explorer.exe

    C:\Windows\system32\notepad.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Philippine\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Special Forces

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"

    O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"

    O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    O4 - HKLM\..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

    O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    O4 - HKCU\..\Run: [googletalk] C:\Users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - Startup: Dropbox.lnk = Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe

    O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)

    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe

    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exe

    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe

    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe

    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --

    End of file - 11034 bytes

  15. Last week one of my websites turned out to have been hacked, and the host informed me that the FTP credentials of that site had been leaked, and that this happened via the Gumblar virus. The site is clean again, and all FTP passwords have been changed, but I am still worried about whether the virus is actually off my laptop.

    Usually I find the answer by looking at similar problems on a few forums, but this time I can't figure it out. I hope one of you can help me.

    What I have done and what I have found:

    I ran avast antivirus and MBAM; they found nothing.

    But strange things have been happening over the last few weeks. Suspicious as I have become, I wonder whether I am still infected: every time I start up, the following window appears, and I have no idea what it relates to; Windows also just starts up normally.


    Next I ran HijackThis (see the log at the bottom), and it immediately ran into the problem that the hosts file (see below) could not be scanned. Now I found somewhere that Gumblar also does something with that file.

    Can someone tell me whether anything harmful has been left behind on my PC and, if so, how I can get it off?

    Thanks in advance!

    Here are the contents of my hosts file:

    # Copyright © 1993-2009 Microsoft Corp.

    #

    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

    #

    # This file contains the mappings of IP addresses to host names. Each

    # entry should be kept on an individual line. The IP address should

    # be placed in the first column followed by the corresponding host name.

    # The IP address and the host name should be separated by at least one

    # space.

    #

    # Additionally, comments (such as these) may be inserted on individual

    # lines or following the machine name denoted by a '#' symbol.

    #

    # For example:

    #

    # 102.54.94.97 rhino.acme.com # source server

    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.

    # 127.0.0.1 localhost

    # ::1 localhost

    The HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:35:34, on 18-12-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\Bluetooth Suite\BtvStack.exe

    C:\Program Files\Bluetooth Suite\AthBtTray.exe

    C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe

    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Mozilla Thunderbird\thunderbird.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\CyberLink\YouCam\YCMMirage.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

    C:\Program Files\McAfee Security Scan\3.0.285\McUICnt.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Program Files\OpenOffice.org 3\program\swriter.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Users\Philippine\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Special Forces

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)

    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"

    O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"

    O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    O4 - HKLM\..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    O4 - HKCU\..\Run: [googletalk] C:\Users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - Startup: Dropbox.lnk = Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe

    O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

    O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe

    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exe

    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe

    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe

    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --

    End of file - 15125 bytes

    - - - Updated - - -

    Oh, I see that the picture didn't come through. The window shows the following text:

    Server Bezet.

    Deze actie kan niet worden voltooid omdat het ander programma bezet is. Klik op activeren om naar dit programma over te schakelen en het probleem op te lossen.
