
Everything posted by istage

  1. The problem persists, no improvement; it keeps freezing after a while, sometimes quickly, sometimes after a while. I then have to do a hard (hardware) restart of the PC. I was also thinking myself of a conflict or a fault in the memory.
  2. I did the whole procedure again. The log file is below.
  4. ComboFix 13-07-27.01 - Andries 27-07-2013 20:09:41.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.7693.5754 [GMT 2:00] Gestart vanuit: D:\Download\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Andries\AppData\Local\Temp\{53C72472-E2C5-4AA8-BE14-B2BDA7EA8CD5}\fpb.tmp C:\Users\Andries\AppData\Roaming\moka C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBook.sqlitedb C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBookImages.sqlitedb C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Calendar.sqlitedb C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\call_history.db C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Info.plist C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\notes.db C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\sms.db C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\158x158.ithmb C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBook.sqlitedb C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBookImages.sqlitedb C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748-preview-left.jpg C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748.jpg C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via 
iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666-preview-left.jpg C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666.jpg C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Calendar.sqlitedb C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\call_history.db C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Info.plist C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Manifest.mbdb C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\notes.db C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Photos.sqlite C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\PhotosAux.sqlite C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\sms.db C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Thumbs.THM C:\Users\Andries\AppData\Roaming\Secure-Soft Stealer C:\Users\Andries\AppData\Roaming\Secure-Soft Stealer\Update.exe (((((((((((((((((((( Bestanden Gemaakt van 2013-06-27 to 2013-07-27 )))))))))))))))))))))))))))))) 2013-07-27 18:12:07 . 2013-07-27 18:12:07 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-07-27 14:51:31 . 2013-07-02 08:34:27 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-07-27 14:46:27 . 2013-07-27 18:12:07 -------- d-----w- C:\Users\Andries\AppData\Local\Temp 2013-07-27 14:46:27 . 2013-07-27 14:43:39 24064 ----a-w- C:\Windows\zoek-delete.exe 2013-07-27 12:35:19 . 
2013-07-27 12:35:20 388096 ----a-r- C:\Users\Andries\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-07-27 12:35:19 . 2013-07-27 12:35:19 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-07-26 18:48:53 . 2013-07-26 18:48:20 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{410F4D8B-27BC-468F-BC57-76794736708E}\gapaengine.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-07-27 16:00:23 . 2011-11-17 14:44:45 78185248 ----a-w- C:\Windows\system32\MRT.exe 2013-06-21 17:50:04 . 2012-02-10 08:47:58 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-29 07:46:52 . 2013-05-29 07:46:52 204932 ----a-r- C:\Windows\SysWow64\MSPOS_USB.dll 2013-05-13 05:51:01 . 2013-06-21 21:31:05 184320 ----a-w- C:\Windows\system32\cryptsvc.dll 2013-05-13 05:51:00 . 2013-06-21 21:31:05 1464320 ----a-w- C:\Windows\system32\crypt32.dll 2013-05-13 05:51:00 . 2013-06-21 21:31:05 139776 ----a-w- C:\Windows\system32\cryptnet.dll 2013-05-13 05:50:40 . 2013-06-21 21:31:05 52224 ----a-w- C:\Windows\system32\certenc.dll 2013-05-13 04:45:55 . 2013-06-21 21:31:05 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 . 2013-06-21 21:31:05 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 . 2013-06-21 21:31:05 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 . 2013-06-21 21:31:05 1192448 ----a-w- C:\Windows\system32\certutil.exe 2013-05-13 03:08:10 . 2013-06-21 21:31:05 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 . 2013-06-21 21:31:05 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 . 2013-06-21 21:31:12 30720 ----a-w- C:\Windows\system32\cryptdlg.dll 2013-05-10 03:20:54 . 2013-06-21 21:31:12 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 . 
2013-06-21 21:31:11 1910632 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2013-05-02 15:29:56 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  5. I have rebooted, but the freezes continue; I then have to restart the PC with the reset button.
  6. Zoek.exe Version 4.0.0.4 Updated 26-07-2013 Tool run by Andries on za 27-07-2013 at 16:43:40,57. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Andries\Desktop\zoek.exe [script inserted] ==== System Restore Info ====================== 27-7-2013 16:44:44 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== "C:\Users\Public\sdelevURL.tmp" deleted "C:\Users\Andries\AppData\Roaming\Aras\yqbi.laa" deleted "C:\Users\Andries\AppData\Roaming\Aras\yqbi.tmp" deleted "C:\Users\Andries\AppData\Roaming\Yfsi\agha.tmp" deleted "C:\Users\Andries\AppData\Roaming\Yfsi\agha.yne" deleted "C:\Users\Andries\AppData\Roaming\Aras" deleted "C:\Users\Andries\AppData\Roaming\Yfsi" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[12-07-2013 14:38] Skype for Chromium - Andries - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="iStage" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="iStage" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{2880A8EC-F9E6-4203-87B9-57C58621F174}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {2880A8EC-F9E6-4203-87B9-57C58621F174} Google Url="{searchTerms - Google zoeken}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Empty IE Cache ====================== 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\users\Andries\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Andries\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
  7. Who can help me? My PC keeps freezing after a while and I have already used several small programs, but there is no error message anywhere. I also don't know yet whether software or hardware is causing the problem. Perhaps someone can determine the cause from the log file. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:40:29, on 27-7-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16490) Boot mode: Normal Running processes: C:\Users\Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iStage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Startup: Dropbox.lnk = Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: MailWasherPro.lnk = C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - Automatically Find HP Updates | HP Support O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Realtek11nSU - Realtek - C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RtlService - Realtek - C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8529 bytes