Hey, finally an answer: Fazantje and Jos, thanks in advance for the help. I hope this is right.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:30, on 2-1-2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\anysee\anysee-E30Series\anysee_TR.exe
C:\Program Files (x86)\anysee\Driver\CNO.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: C:\Program Files (x86)\anysee\anysee-E30Series\anysee_TR.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\anysee\Driver\CNO.EXE
O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)
O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
–
ComboFix 12-01-02.01 - Janos 02-01-2012 21:51:27.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.8174.6134
Gestart vanuit: c:\users\Janos\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Janos\AppData\Roaming\EurekaLog
c:\users\Janos\AppData\Roaming\EurekaLog\KPN_Assistent\KPN_Assistent_JANOS-PC.elf
c:\windows\IsUn0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-02 to 2012-01-02 ))))))))))))))))))))))))))))))
.
.
2012-01-02 20:57 . 2012-01-02 20:57 ——– d—–w- c:\users\Default\AppData\Local\temp
2012-01-02 20:54 . 2012-01-02 20:54 ——– d—–w- c:\windows\system32\SPReview
2012-01-02 10:17 . 2011-12-10 14:24 23152 —-a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 10:17 . 2012-01-02 10:17 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-02 09:41 . 2012-01-02 09:41 ——– d—–w- c:\windows\system32\EventProviders
2012-01-01 20:55 . 2012-01-01 20:55 ——– d—–w- c:\program files (x86)\Trend Micro
2012-01-01 20:50 . 2012-01-01 20:50 ——– d—–w- c:\users\Janos\AppData\Roaming\Malwarebytes
2012-01-01 20:50 . 2012-01-01 20:50 ——– d—–w- c:\programdata\Malwarebytes
2012-01-01 20:42 . 2011-06-21 04:09 200976 —-a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-12-30 09:23 . 2011-11-21 11:40 8822856 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39E58A0F-4B31-4D5E-8987-6B6EB902EC0C}\mpengine.dll
2011-12-29 13:26 . 2011-12-29 13:26 ——– d—–w- c:\users\Janos\AppData\Roaming\AVS4YOU
2011-12-21 10:02 . 2011-12-21 10:02 ——– d—–w- c:\programdata\AVS4YOU
2011-12-21 10:01 . 2010-05-25 13:40 774144 —-a-w- c:\windows\SysWow64\htmlayout.dll
2011-12-21 10:01 . 2011-12-29 13:26 ——– d—–w- c:\program files (x86)\Common Files\AVSMedia
2011-12-21 10:01 . 2011-12-30 09:38 ——– d—–w- c:\program files (x86)\AVS4YOU
2011-12-21 10:01 . 2010-07-21 13:32 1700352 —-a-w- c:\windows\SysWow64\GdiPlus.dll
2011-12-21 10:01 . 2010-07-21 13:31 24576 —-a-w- c:\windows\SysWow64\msxml3a.dll
2011-12-15 20:55 . 2011-12-15 20:55 ——– d—–w- c:\users\Janos\AppData\Roaming\vlc
2011-12-15 20:55 . 2011-12-15 20:55 ——– d—–w- c:\users\Janos\AppData\Local\Ilivid Player
2011-12-15 20:53 . 2011-12-15 20:58 ——– d—–w- c:\program files (x86)\iLivid
2011-12-15 20:53 . 2011-12-15 20:53 ——– d—–w- c:\program files (x86)\Windows iLivid Toolbar
2011-12-15 20:53 . 2011-12-15 20:53 ——– d—–w- c:\programdata\boost_interprocess
2011-12-14 10:37 . 2011-11-05 05:17 2048 —-a-w- c:\windows\system32\tzres.dll
2011-12-14 10:37 . 2011-11-05 04:30 2048 —-a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 10:33 . 2011-10-26 05:19 43520 —-a-w- c:\windows\system32\csrsrv.dll
2011-12-11 15:00 . 2011-12-11 15:00 ——– d—–w- c:\programdata\X10 Settings
2011-12-11 14:59 . 2009-05-13 12:26 15896 —-a-w- c:\windows\system32\drivers\x10hid.sys
2011-12-11 14:59 . 2009-05-13 12:47 32792 —-a-w- c:\windows\system32\drivers\x10ufx2.sys
2011-12-11 14:59 . 1999-06-25 09:56 127184 —-a-w- c:\windows\Unwise.exe
2011-12-11 14:59 . 2011-12-30 13:55 ——– d—–w- c:\program files (x86)\X10 Hardware
2011-12-11 14:59 . 2011-12-11 14:59 ——– d—–w- c:\program files (x86)\Common Files\X10
2011-12-11 14:59 . 2003-02-21 04:42 348160 —-a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-11 14:59 . 2002-01-05 03:37 344064 —-a-w- c:\windows\SysWow64\msvcr70.dll
2011-12-11 14:58 . 2011-12-11 14:58 ——– d—–w- C:\Medion
2011-12-07 14:53 . 2011-12-30 14:12 ——– d—–w- c:\program files (x86)\anysee
2011-12-06 10:49 . 2011-12-06 10:52 ——– d—–w- c:\users\Janos\AppData\Roaming\IrfanView
2011-12-06 10:23 . 2006-10-30 23:10 51360 ——w- c:\windows\SysWow64\EpPicPrt.dll
2011-12-06 10:23 . 2006-10-30 23:10 51360 ——w- c:\windows\SysWow64\EpPicMgr.dll
2011-12-06 10:23 . 2006-10-19 23:10 80024 ——w- c:\windows\SysWow64\PICSDK.dll
2011-12-06 10:23 . 2006-10-19 23:10 501912 ——w- c:\windows\SysWow64\PICSDK2.dll
2011-12-06 10:23 . 2006-10-19 23:10 108704 ——w- c:\windows\SysWow64\PICEntry.dll
2011-12-06 10:23 . 2011-12-06 10:23 ——– d—–w- c:\users\Janos\AppData\Roaming\InstallShield
2011-12-06 10:23 . 2011-12-06 10:23 ——– d—–w- C:\epson
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 21:05 . 2012-01-02 21:05 69000 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39E58A0F-4B31-4D5E-8987-6B6EB902EC0C}\offreg.dll
2011-12-01 11:07 . 2011-12-01 11:07 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-11-28 18:01 . 2011-10-28 19:01 41184 —-a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-28 19:01 199816 ——w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-10-28 19:02 256960 —-a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-10-28 19:02 591192 —-a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-28 19:02 304472 —-a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-28 19:02 42328 —-a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-28 19:02 58712 —-a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-28 19:02 66904 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-10-28 19:02 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-28 18:33 . 2010-06-24 19:33 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
“swg”=“c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”
.
“anysee_TR”=“c:\program files (x86)\anysee\anysee-E30Series\anysee_TR.exe”
“anysee CNO”=“c:\program files (x86)\anysee\Driver\CNO.EXE”
“Malwarebytes' Anti-Malware”=“c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe”
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
“AppInit_DLLs”=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys
R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
R4 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe
R4 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S1 AMTBDA_P861F;anysee Capture Service;c:\windows\system32\DRIVERS\anyseeTU.SYS
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys
.
.
Inhoud van de ‘Gedeelde Taken’ map
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
.
——— x86-64 ———–
.
.
.
@=“{472083B0-C522-11CF-8763-00608CC02F24}”
2011-11-28 18:01 134384 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
“LoadAppInit_DLLs”=0x1
“AppInit_DLLs”=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
——- Bijkomende Scan ——-
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startpagina.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
SafeBoot-BsScanner
Toolbar-10 - (no file)
AddRemove-SideWinder Force Feedback 2 - c:\windows\IsUn0413.exe
.
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (2) (LocalSystem)
“Progid”=“ChromeHTML”
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx”
“ThreadingModel”=“Apartment”
.
@=“0”
.
@=“ShockwaveFlash.ShockwaveFlash.10”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“ShockwaveFlash.ShockwaveFlash”
.
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx”
“ThreadingModel”=“Apartment”
.
@=“FlashFactory.FlashFactory.1”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“FlashFactory.FlashFactory”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-02 22:11:11 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-02 21:11
.
Pre-Run: 907.415.846.912 bytes beschikbaar
Post-Run: 907.339.677.696 bytes beschikbaar
.
- - End Of File - - 3468727E8613313A5B5311B40583FBC3
End of file - 9113 bytes