Badoo

John Klerks

04-02-2012 10:32

Hoi allemaal , als ik bij Badoo in wil loggen, of op welke mannier ik contact zoek , krijg ik steeeds dezelfde pagina . who , what gives met de melding dat ze zo terug zijn . heb dit nu gedurende een week. dus nu vermoed ik dat het een virrus is omdat een bekende 10 km verder wel er op kan. kan iemand mij hier bij helpen. Gr, John
Jos H

04-02-2012 10:46

John voer even het stappenplan uit http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317
En plaats dan de twee gevraagde logjes.
Ben

04-02-2012 10:49

Hallo John,
Als je denkt dat je en virus heb doe eerst de volgende stappen: KLIK
En plaats daarna de Twee gevraagde logjes.
Dan kunnen we voor je gaan kijken.
Gr.Ben
John Klerks

10-02-2012 08:19

Hoi , Ik kan sinds een week niet meer op badoo inloggen of op een andere manier contact maken via mijn eigen
laptop. Maar op een andere laptop gaat het wel. ik krijg steeds deze tekst. Hey, what gives?
We're sorry, this page is temporarily unavailable. We're currently working to fix this problem.
You'll be able to use this service in few minutes. For now you can still use other sections of the website.
Ik heb alle stappen van jullie handleiding uitgevoerd maar het probleem blijft, ik heb de logjes bij gevoegd Gr. John
Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000
www.malwarebytes.org
Databaseversie: v2012.02.09.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
JOHN :: PC_VAN_JOHN
Realtime bescherming: Ingeschakeld
9-2-2012 20:37:38
mbam-log-2012-02-09 (20-37-38).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 173677
Verstreken tijd: 18 minuut/minuten, 54 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 8
C:\Users\JOHN\AppData\Roaming\16421538 (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\JOHN\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files\ShoppingReport2 (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files\ShoppingReport2\Bin\2.7.21 (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Trend Micro HijackThis v2.0.4 *
See bottom for version history.
The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking ‘Info on selected item’.
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of ‘Internet Options’ Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra ‘Tools’ menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE ‘Advanced’ settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components
Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention
* Version history *
* Fixed parser issues on winlogon notify
* Fixed issues to handle certain environment variables
* Rename HJT generates complete scan log
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of ‘unexpected error’ bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added ‘Delete NT Service’ function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed ‘ISTSVC’ autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage ‘Add/Remove Software’ list
* Added option to scan the system at startup, then show results or quit if nothing found
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added ‘Action taken’ to info in ‘More info on this item’
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying ‘%shitbrowser%’ (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed ‘Check for Update’ not detecting new versions.
* Added check for Lop.com ‘Domain’ hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
* Added ‘ignore non-standard but safe domains’ option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new ‘Misc Tools’ section of the Config screen!
* Improves detecting of O6.
* Some internal changes/improvements.
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
* Fixes Runtime Error when Hosts file is empty.
* Added enumerating of MSIE plugins
* Added check for extra options in ‘Advanced’ tab of ‘Internet Options’.
* Adds ‘Uninstall & Exit’ and ‘Check for update online’ functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
* Adds detecting of extra MSIE context menu items
* Added detecting of extra ‘Tools’ menu items and extra buttons
* Added ‘Confirm deleting/ignoring items’ checkbox
* Adds ‘Ignorelist’ and ‘Info’ functions
* Supports BHO's, some default URL changes
* Original release
A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
fazantje

10-02-2012 08:38

Hallo John,
Zo te zie is er iets fout gegaan met HijackThis.
Ga naar: C (deze computer) - program files - trend micro - hijackthis.
Klik nu met de rechtermuisknop 1x op het rode hijackthis.exe en kies dan voor: Als Administrator uitvoeren.
Klik dan op scan, en als de scan klaar is op save log.
Plaats dit logje graag hier, zodat we jou verder kunnen helpen.
Succes,
Huib;)
John klerks

10-02-2012 15:17

Hoi, ik hoop dat het nu beter is. Gr. John
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:10:33, on 10-2-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ParetoLogic\FileCure\FileCure.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Users\JOHN\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\calc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
R3 - URLSearchHook: (no name) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\tbAF-H.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\tbAF-H.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\tbAF-H.dll
O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: Skytel.exe
O4 - HKLM\..\Run: C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Ask.com\Updater\Updater.exe”
O4 - HKLM\..\Run: “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: “C:\Acer\Empowering Technology\eAudio\eAudio.exe”
O4 - HKLM\..\Run: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM\..\Run: “C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe”
O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe”
O4 - HKLM\..\Run: “C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe” /Traybar
O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM\..\Run: “C:\Program Files\Real\RealPlayer\Update\realsched.exe” -osboot
O4 - HKLM\..\Run: C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: “C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe” /hideGUI
O4 - HKCU\..\Run: C:\Program Files\ARO 2012\ARO.exe -rem
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
–
End of file - 14107 bytes
Ben

10-02-2012 16:11

Hallo John,
Hoeveel virusscanners gebruik je ik zie er twee:
Panda en Avira verwijder daar één van.
1. Klik op Start > (Instellingen) > Configuratiescherm > Een programma verwijderen:
De volgende Toolbars:
Ask
AF-HSS
Conduit Engine
Nero
2. Start HijackThis;
Klik met de rechtermuis op het programma Hijackthis en kies voor “Uitvoeren als Administrator”
Kies voor ‘Do a system scan only’.
Selecteer de regel die hier onder staan.(indien aanwezig)
R3 - URLSearchHook: (no name) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\tbAF-H.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\tbAF-H.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\tbAF-H.dll
O4 - HKLM\..\Run: “C:\Program Files\Ask.com\Updater\Updater.exe”
Sluit alle open vensters(behalve HijackThis), klik daarna op Fix checked en bevestig het door in het volgende scherm op Ja te klikken.
Start de computer opnieuw op.
3. Download ComboFix van één van deze locaties:
Link 1
Link 2
* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.
- Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze elkaar tegen werken.
* ( hier of hier staat een handleiding over hoe je deze kan uitschakelen)
- Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
- Dubbelklik op "Combofix.exe" om de tool te starten.
- Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de ‘tool’ vastlopen.
* Noot !!! Als er een error wordt getoond met de melding “Illegal operation attempted on a registery key that has been marked for deletion.” herstart dan de computer.
- Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
* Het kan enige tijd duren voordat het logje van combofix komt, dus denk niet van hij is op tilt.
4. Plaats hierna het Combofix logje samen met een nieuw HijackThis logje en hoe het met je probleem is.
Gr.Ben
John Klerks

11-02-2012 11:53

Hoi Ben het probleem is er nog. Gr. John
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:37:08, on 11-2-2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Users\JOHN\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
omboFix 12-02-10.03 - JOHN 11-02-2012 10:27:38.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1791.793
Gestart vanuit: c:\users\JOHN\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-11 to 2012-02-11 ))))))))))))))))))))))))))))))
.
.
2012-02-11 10:14 . 2012-02-11 10:14 ——– d—–w- c:\users\Default\AppData\Local\temp
2012-02-11 08:04 . 2012-02-11 08:04 56200 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F8AA612-4483-4799-A113-C8DB8049842C}\offreg.dll
2012-02-11 07:47 . 2012-02-11 07:47 ——– d—–w- c:\windows\system32\Wat
2012-02-10 18:26 . 2012-01-17 03:39 6557240 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F8AA612-4483-4799-A113-C8DB8049842C}\mpengine.dll
2012-02-10 13:44 . 2012-02-10 13:44 ——– d—–w- c:\program files\TrendMicro
2012-02-10 04:13 . 2012-02-10 04:13 ——– d—–w- c:\program files\Trend Micro
2012-02-10 02:26 . 2011-04-29 02:46 311808 —-a-w- c:\windows\system32\drivers\srv.sys
2012-02-10 02:26 . 2011-04-29 02:46 310272 —-a-w- c:\windows\system32\drivers\srv2.sys
2012-02-10 02:26 . 2011-04-29 02:46 114688 —-a-w- c:\windows\system32\drivers\srvnet.sys
2012-02-10 02:26 . 2011-04-25 02:18 338944 —-a-w- c:\windows\system32\drivers\afd.sys
2012-02-10 02:26 . 2011-09-29 16:03 1290608 —-a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-10 02:26 . 2011-11-17 05:38 1288472 —-a-w- c:\windows\system32\ntdll.dll
2012-02-10 02:24 . 2011-08-17 04:24 465408 —-a-w- c:\windows\system32\psisdecd.dll
2012-02-10 02:24 . 2011-08-17 04:19 75776 —-a-w- c:\windows\system32\psisrndr.ax
2012-02-10 02:24 . 2011-11-24 04:25 2342912 —-a-w- c:\windows\system32\win32k.sys
2012-02-10 02:24 . 2011-08-13 04:18 6144 —-a-w- c:\program files\Internet Explorer\iecompat.dll
2012-02-10 02:24 . 2011-05-24 10:44 293376 —-a-w- c:\windows\system32\umpnpmgr.dll
2012-02-10 02:24 . 2011-11-05 04:26 2048 —-a-w- c:\windows\system32\tzres.dll
2012-02-10 02:23 . 2011-07-09 02:30 223744 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-02-10 02:23 . 2011-04-27 02:17 96768 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-02-10 02:23 . 2011-04-27 02:17 123904 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-10 02:23 . 2010-12-17 07:07 542208 —-a-w- c:\windows\system32\kerberos.dll
2012-02-10 02:22 . 2011-08-27 04:26 571904 —-a-w- c:\windows\system32\oleaut32.dll
2012-02-10 02:22 . 2011-08-27 04:26 233472 —-a-w- c:\windows\system32\oleacc.dll
2012-02-10 02:20 . 2010-12-23 05:54 642048 —-a-w- c:\windows\system32\CPFilters.dll
2012-02-10 02:20 . 2010-12-23 05:54 850944 —-a-w- c:\windows\system32\sbe.dll
2012-02-10 02:20 . 2010-12-23 05:50 199680 —-a-w- c:\windows\system32\mpg2splt.ax
2012-02-10 02:20 . 2011-10-26 04:32 1328128 —-a-w- c:\windows\system32\quartz.dll
2012-02-10 02:20 . 2011-10-26 04:32 514560 —-a-w- c:\windows\system32\qdvd.dll
2012-02-10 02:20 . 2011-02-25 05:30 2616320 —-a-w- c:\windows\explorer.exe
2012-02-10 02:18 . 2011-10-26 04:47 3912560 —-a-w- c:\windows\system32\ntoskrnl.exe
2012-02-10 02:18 . 2011-10-26 04:47 3967856 —-a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-10 02:18 . 2011-04-29 04:57 759296 —-a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-02-10 02:18 . 2011-03-11 05:33 1164288 —-a-w- c:\windows\system32\mfc42u.dll
2012-02-10 02:18 . 2011-03-11 05:33 1137664 —-a-w- c:\windows\system32\mfc42.dll
2012-02-10 02:18 . 2011-02-23 04:47 69632 —-a-w- c:\windows\system32\drivers\bowser.sys
2012-02-10 02:18 . 2011-04-09 05:56 123904 —-a-w- c:\windows\system32\poqexec.exe
2012-02-10 02:18 . 2011-04-22 19:14 27008 —-a-w- c:\windows\system32\drivers\Diskdump.sys
2012-02-10 02:12 . 2011-02-03 05:54 219008 —-a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-09 21:51 . 2012-02-09 21:51 ——– d—–w- c:\program files\PC Tools
2012-02-09 21:49 . 2012-01-11 15:19 185560 —-a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-09 21:49 . 2012-02-10 18:17 ——– d—–w- c:\program files\Common Files\PC Tools
2012-02-09 21:47 . 2012-02-10 18:16 ——– d—–w- c:\programdata\PC Tools
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\Sjablonen
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\Netwerkprinteromgeving
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\Mijn documenten
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\Menu Start
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\AppData\Local\Geschiedenis
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\programdata\Sjablonen
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\programdata\Menu Start
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\programdata\Favorieten
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\programdata\Documenten
2012-02-09 17:16 . 2012-02-09 18:22 ——– d—–w- C:\$WINDOWS.~Q
2012-02-09 17:08 . 2012-02-09 17:12 ——– d—–w- C:\$INPLACE.~TR
2012-02-09 10:57 . 2012-02-09 10:57 913168 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-08 11:46 . 2012-02-09 17:46 ——– d—–w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-02-06 12:29 . 2012-02-09 17:47 ——– d—–w- c:\programdata\Malwarebytes
2012-02-06 12:29 . 2011-12-10 14:24 20464 —-a-w- c:\windows\system32\drivers\mbam.sys
2012-02-06 12:29 . 2012-02-09 17:45 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2012-02-04 11:34 . 2012-02-10 18:10 ——– d—–w- c:\program files\Panda Security
2012-02-04 11:32 . 2012-02-10 17:53 ——– d—–w- c:\programdata\Panda Security
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 11:22 . 2007-07-27 21:17 319456 —-a-w- c:\windows\DIFxAPI.dll
2012-01-29 04:10 . 2009-10-03 14:23 237072 ——w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-11_08.50.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-09 19:31 . 2012-02-11 09:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-09 19:31 . 2012-02-11 07:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-09 19:31 . 2012-02-11 09:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-09 19:31 . 2012-02-11 07:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
“ehTray.exe”=“c:\windows\ehome\ehTray.exe”
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“Acer Tour Reminder”=“”
.
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”
“RtHDVCpl”=“RtHDVCpl.exe”
“Skytel”=“Skytel.exe”
“Acer Tour Reminder”=“c:\acer\AcerTour\Reminder.exe”
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
“CanonMyPrinter”=“c:\program files\Canon\MyPrinter\BJMyPrt.exe”
“CanonSolutionMenuEx”=“c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE”
“eAudio”=“c:\acer\Empowering Technology\eAudio\eAudio.exe”
“eDataSecurity Loader”=“c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe”
“Malwarebytes' Anti-Malware”=“c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe”
“PlayMovie”=“c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe”
“SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_07\bin\jusched.exe”
“TkBellExe”=“c:\program files\Real\RealPlayer\Update\realsched.exe”
“WarReg_PopUp”=“c:\acer\WR_PopUp\WarReg_PopUp.exe”
“LManager”=“c:\progra~1\LAUNCH~1\LManager.exe”
.
c:\users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
“aux”=wdmaud.drv
.
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe
S2 Realtek11nSU;Realtek11nSU;c:\program files\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
.
.
— Andere Services/Drivers In Geheugen —
.
*Deregistered* - avgntflt
*Deregistered* - avkmgr
.
Inhoud van de ‘Gedeelde Taken’ map
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
.
——- Bijkomende Scan ——-
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
mStart Page = hxxp://nl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
.
.
“ImagePath”=“\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (Full) (Everyone)
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > ‘Explorer.exe’(2440)
c:\windows\system32\MsnChatHook.DLL
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Voltooingstijd: 2012-02-11 11:19:47
ComboFix-quarantined-files.txt 2012-02-11 10:19
ComboFix2.txt 2012-02-10 19:35
.
Pre-Run: 33.142.980.608 bytes beschikbaar
Post-Run: 33.091.297.280 bytes beschikbaar
.
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: Skytel.exe
O4 - HKLM\..\Run: C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: “C:\Acer\Empowering Technology\eAudio\eAudio.exe”
O4 - HKLM\..\Run: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe”
O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Real\RealPlayer\Update\realsched.exe” -osboot
O4 - HKLM\..\Run: C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
–
End of file - 8503 bytes
Ben

11-02-2012 13:20

Hallo John,
Wat heb je allemaal gedaan??
Je eerste logje: http://antivirus.startpagina.nl/prikbord/15139395/15141315/re-badoo#msg-15141315
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:10:33, on 10-2-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Het logje wat je nu plaatst??
http://antivirus.startpagina.nl/prikbord/15139395/15144025/re-badoo#msg-15144025
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:37:08, on 11-2-2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Ineens een andere HijackThis ???
Plaat dus een goed logje want dit klopt niet en Combofix heb je ook 2x laten scannen.
ComboFix-quarantined-files.txt 2012-02-11 10:19
ComboFix2.txt 2012-02-10 19:35
Plaats dus de eerste combo log en een goed HijackThis logje zo word het een zooitje.
Gr.Ben
John Klerks

12-02-2012 10:05

Sorry Ben, Ik hoop dat dit wel goed is, Gr. John
ComboFix 12-02-10.03 - JOHN 12-02-2012 8:35.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1791.876
Gestart vanuit: c:\users\JOHN\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\Desktop_.ini
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
.
.
2012-02-12 07:49 . 2012-02-12 07:49 ——– d—–w- c:\users\Default\AppData\Local\temp
2012-02-11 07:47 . 2012-02-11 07:47 ——– d—–w- c:\windows\system32\Wat
2012-02-10 18:26 . 2012-01-17 03:39 6557240 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F8AA612-4483-4799-A113-C8DB8049842C}\mpengine.dll
2012-02-10 13:44 . 2012-02-10 13:44 ——– d—–w- c:\program files\TrendMicro
2012-02-10 04:13 . 2012-02-10 04:13 ——– d—–w- c:\program files\Trend Micro
2012-02-10 02:26 . 2011-04-29 02:46 311808 —-a-w- c:\windows\system32\drivers\srv.sys
2012-02-10 02:26 . 2011-04-29 02:46 310272 —-a-w- c:\windows\system32\drivers\srv2.sys
2012-02-10 02:26 . 2011-04-29 02:46 114688 —-a-w- c:\windows\system32\drivers\srvnet.sys
2012-02-10 02:26 . 2011-04-25 02:18 338944 —-a-w- c:\windows\system32\drivers\afd.sys
2012-02-10 02:26 . 2011-09-29 16:03 1290608 —-a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-10 02:26 . 2011-11-17 05:38 1288472 —-a-w- c:\windows\system32\ntdll.dll
2012-02-10 02:24 . 2011-08-17 04:24 465408 —-a-w- c:\windows\system32\psisdecd.dll
2012-02-10 02:24 . 2011-08-17 04:19 75776 —-a-w- c:\windows\system32\psisrndr.ax
2012-02-10 02:24 . 2011-11-24 04:25 2342912 —-a-w- c:\windows\system32\win32k.sys
2012-02-10 02:24 . 2011-08-13 04:18 6144 —-a-w- c:\program files\Internet Explorer\iecompat.dll
2012-02-10 02:24 . 2011-05-24 10:44 293376 —-a-w- c:\windows\system32\umpnpmgr.dll
2012-02-10 02:24 . 2011-11-05 04:26 2048 —-a-w- c:\windows\system32\tzres.dll
2012-02-10 02:23 . 2011-07-09 02:30 223744 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-02-10 02:23 . 2011-04-27 02:17 96768 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-02-10 02:23 . 2011-04-27 02:17 123904 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-10 02:23 . 2010-12-17 07:07 542208 —-a-w- c:\windows\system32\kerberos.dll
2012-02-10 02:22 . 2011-08-27 04:26 571904 —-a-w- c:\windows\system32\oleaut32.dll
2012-02-10 02:22 . 2011-08-27 04:26 233472 —-a-w- c:\windows\system32\oleacc.dll
2012-02-10 02:20 . 2010-12-23 05:54 642048 —-a-w- c:\windows\system32\CPFilters.dll
2012-02-10 02:20 . 2010-12-23 05:54 850944 —-a-w- c:\windows\system32\sbe.dll
2012-02-10 02:20 . 2010-12-23 05:50 199680 —-a-w- c:\windows\system32\mpg2splt.ax
2012-02-10 02:20 . 2011-10-26 04:32 1328128 —-a-w- c:\windows\system32\quartz.dll
2012-02-10 02:20 . 2011-10-26 04:32 514560 —-a-w- c:\windows\system32\qdvd.dll
2012-02-10 02:20 . 2011-02-25 05:30 2616320 —-a-w- c:\windows\explorer.exe
2012-02-10 02:18 . 2011-10-26 04:47 3912560 —-a-w- c:\windows\system32\ntoskrnl.exe
2012-02-10 02:18 . 2011-10-26 04:47 3967856 —-a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-10 02:18 . 2011-04-29 04:57 759296 —-a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-02-10 02:18 . 2011-03-11 05:33 1164288 —-a-w- c:\windows\system32\mfc42u.dll
2012-02-10 02:18 . 2011-03-11 05:33 1137664 —-a-w- c:\windows\system32\mfc42.dll
2012-02-10 02:18 . 2011-02-23 04:47 69632 —-a-w- c:\windows\system32\drivers\bowser.sys
2012-02-10 02:18 . 2011-04-09 05:56 123904 —-a-w- c:\windows\system32\poqexec.exe
2012-02-10 02:18 . 2011-04-22 19:14 27008 —-a-w- c:\windows\system32\drivers\Diskdump.sys
2012-02-10 02:12 . 2011-02-03 05:54 219008 —-a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-09 21:51 . 2012-02-09 21:51 ——– d—–w- c:\program files\PC Tools
2012-02-09 21:49 . 2012-01-11 15:19 185560 —-a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-09 21:49 . 2012-02-10 18:17 ——– d—–w- c:\program files\Common Files\PC Tools
2012-02-09 21:47 . 2012-02-10 18:16 ——– d—–w- c:\programdata\PC Tools
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\Sjablonen
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\Netwerkprinteromgeving
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\Mijn documenten
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\Menu Start
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\users\Default\AppData\Local\Geschiedenis
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\programdata\Sjablonen
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\programdata\Menu Start
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\programdata\Favorieten
2012-02-09 19:04 . 2012-02-09 19:04 ——– d-sh–we c:\programdata\Documenten
2012-02-09 17:16 . 2012-02-09 18:22 ——– d—–w- C:\$WINDOWS.~Q
2012-02-09 17:08 . 2012-02-09 17:12 ——– d—–w- C:\$INPLACE.~TR
2012-02-09 10:57 . 2012-02-09 10:57 913168 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-08 11:46 . 2012-02-09 17:46 ——– d—–w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-02-06 12:29 . 2012-02-09 17:47 ——– d—–w- c:\programdata\Malwarebytes
2012-02-06 12:29 . 2011-12-10 14:24 20464 —-a-w- c:\windows\system32\drivers\mbam.sys
2012-02-06 12:29 . 2012-02-09 17:45 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2012-02-04 11:34 . 2012-02-10 18:10 ——– d—–w- c:\program files\Panda Security
2012-02-04 11:32 . 2012-02-10 17:53 ——– d—–w- c:\programdata\Panda Security
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 11:22 . 2007-07-27 21:17 319456 —-a-w- c:\windows\DIFxAPI.dll
2012-01-29 04:10 . 2009-10-03 14:23 237072 ——w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-11_08.50.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-11 08:00 . 2011-03-11 03:48 76288 c:\windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_4ac7a4d10f6f3253\USBSTOR.SYS
+ 2012-02-11 08:00 . 2011-03-11 04:01 76288 c:\windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_4a4fd9f7f64327f9\USBSTOR.SYS
+ 2012-02-11 08:00 . 2011-03-25 02:54 24064 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_bffae6357b300705\usbuhci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:54 20480 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_bffae6357b300705\usbohci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:54 43008 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_bffae6357b300705\usbehci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 24064 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_bf801a7e6206b0a6\usbuhci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 20480 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_bf801a7e6206b0a6\usbohci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 43008 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_bf801a7e6206b0a6\usbehci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:54 76288 c:\windows\winsxs\x86_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_cd30edb88614b91e\usbccgp.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 75776 c:\windows\winsxs\x86_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_ccb622016ceb62bf\usbccgp.sys
+ 2012-02-11 08:00 . 2011-03-11 05:18 74240 c:\windows\winsxs\x86_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7601.21680_none_cea56a936788b341\fsutil.exe
+ 2012-02-11 08:00 . 2011-03-11 05:31 74240 c:\windows\winsxs\x86_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7601.17577_none_ce2d9fba4e5ca8e7\fsutil.exe
+ 2012-02-11 08:00 . 2011-04-28 03:06 60416 c:\windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.21716_none_74d7cd6c32ef203f\BTHUSB.SYS
+ 2012-02-11 08:00 . 2011-04-28 03:15 60416 c:\windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.17607_none_745a00d719c87ddb\BTHUSB.SYS
+ 2012-02-11 08:00 . 2011-03-11 05:27 22400 c:\windows\winsxs\x86_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_4eae2d5af9871de8\amdxata.sys
+ 2012-02-11 08:00 . 2011-03-11 05:27 80256 c:\windows\winsxs\x86_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_4eae2d5af9871de8\amdsata.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 22400 c:\windows\winsxs\x86_amdsata.inf_31bf3856ad364e35_6.1.7601.17577_none_4e366281e05b138e\amdxata.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 80256 c:\windows\winsxs\x86_amdsata.inf_31bf3856ad364e35_6.1.7601.17577_none_4e366281e05b138e\amdsata.sys
+ 2010-11-20 21:20 . 2012-02-11 11:48 22360 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-02-11 13:38 38722 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-11 08:00 . 2011-03-11 05:31 74240 c:\windows\System32\fsutil.exe
- 2009-07-14 04:50 . 2012-02-09 19:02 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2012-02-11 11:42 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2012-02-11 08:00 . 2011-03-11 04:01 76288 c:\windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_e6d53e776821c5b8\USBSTOR.SYS
+ 2012-02-11 08:00 . 2011-03-25 02:57 24064 c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbuhci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 20480 c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbohci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 43008 c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbehci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 75776 c:\windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_1584ed9878602b0f\usbccgp.sys
+ 2012-02-11 08:00 . 2011-04-28 03:15 60416 c:\windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_92c343c9dc681a74\BTHUSB.SYS
+ 2009-07-13 23:51 . 2009-07-13 23:51 34816 c:\windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_92c343c9dc681a74\bthenum.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 22400 c:\windows\System32\DriverStore\FileRepository\amdsata.inf_x86_neutral_5c3d0d1e97e99e10\amdxata.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 80256 c:\windows\System32\DriverStore\FileRepository\amdsata.inf_x86_neutral_5c3d0d1e97e99e10\amdsata.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 24064 c:\windows\System32\drivers\usbuhci.sys
- 2009-07-13 23:51 . 2009-07-13 23:51 24064 c:\windows\System32\drivers\usbuhci.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 76288 c:\windows\System32\drivers\USBSTOR.SYS
+ 2012-02-11 08:00 . 2011-03-11 04:01 76288 c:\windows\System32\drivers\USBSTOR.SYS
- 2009-07-13 23:51 . 2009-07-13 23:51 20480 c:\windows\System32\drivers\usbohci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 20480 c:\windows\System32\drivers\usbohci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 43008 c:\windows\System32\drivers\usbehci.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 75776 c:\windows\System32\drivers\usbccgp.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 75776 c:\windows\System32\drivers\usbccgp.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 22400 c:\windows\System32\drivers\amdxata.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 22400 c:\windows\System32\drivers\amdxata.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 80256 c:\windows\System32\drivers\amdsata.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 80256 c:\windows\System32\drivers\amdsata.sys
- 2012-02-09 17:36 . 2012-02-11 08:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-09 17:36 . 2012-02-11 11:08 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-09 17:36 . 2012-02-11 11:08 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-09 17:36 . 2012-02-11 08:31 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-02-11 11:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-02-11 08:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-09 19:31 . 2012-02-11 07:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-09 19:31 . 2012-02-11 14:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-09 19:31 . 2012-02-11 07:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-09 19:31 . 2012-02-11 14:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-11 08:00 . 2011-03-25 02:54 5888 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_bffae6357b300705\usbd.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 5888 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_bf801a7e6206b0a6\usbd.sys
+ 2012-02-09 19:31 . 2012-02-11 13:38 3004 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-206380439-1767824655-3370924851-1000_UserData.bin
+ 2012-02-11 08:00 . 2011-03-25 02:57 5888 c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbd.sys
- 2009-07-13 23:51 . 2009-07-13 23:51 5888 c:\windows\System32\drivers\usbd.sys
+ 2012-02-11 08:00 . 2011-03-25 02:57 5888 c:\windows\System32\drivers\usbd.sys
+ 2012-02-11 13:35 . 2012-02-11 13:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-11 07:50 . 2012-02-11 07:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-11 07:50 . 2012-02-11 07:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-11 13:35 . 2012-02-11 13:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-11 08:00 . 2011-03-25 02:54 284672 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_bffae6357b300705\usbport.sys
+ 2012-02-11 08:00 . 2011-03-25 02:55 258560 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_bffae6357b300705\usbhub.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 284672 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_bf801a7e6206b0a6\usbport.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 258560 c:\windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_bf801a7e6206b0a6\usbhub.sys
+ 2012-02-11 08:00 . 2011-03-25 02:55 258560 c:\windows\winsxs\x86_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_cd30edb88614b91e\usbhub.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 258560 c:\windows\winsxs\x86_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_ccb622016ceb62bf\usbhub.sys
+ 2012-02-11 08:00 . 2011-03-11 05:28 143744 c:\windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
+ 2012-02-11 08:00 . 2011-03-11 05:28 117120 c:\windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 143744 c:\windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 117120 c:\windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
+ 2012-02-11 08:00 . 2011-03-11 05:28 148864 c:\windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.21680_none_29bda4c3a7cafce3\storport.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 148864 c:\windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.17577_none_2945d9ea8e9ef289\storport.sys
+ 2012-02-11 08:00 . 2011-03-11 05:28 332160 c:\windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 332160 c:\windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
+ 2012-02-11 08:00 . 2011-04-28 03:06 393728 c:\windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.21716_none_74d7cd6c32ef203f\bthport.sys
+ 2012-02-11 08:00 . 2011-04-28 03:15 393728 c:\windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.17607_none_745a00d719c87ddb\bthport.sys
+ 2012-02-10 17:11 . 2012-02-11 23:51 149086 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-04-12 04:48 . 2012-02-11 07:57 701564 c:\windows\System32\perfh013.dat
+ 2011-04-12 04:48 . 2012-02-12 07:34 701564 c:\windows\System32\perfh013.dat
- 2009-07-14 02:05 . 2012-02-11 07:57 616008 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-02-12 07:34 616008 c:\windows\System32\perfh009.dat
+ 2011-04-12 04:48 . 2012-02-12 07:34 133564 c:\windows\System32\perfc013.dat
- 2011-04-12 04:48 . 2012-02-11 07:57 133564 c:\windows\System32\perfc013.dat
- 2009-07-14 02:05 . 2012-02-11 07:57 106388 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2012-02-12 07:34 106388 c:\windows\System32\perfc009.dat
- 2009-07-14 04:50 . 2012-02-09 19:02 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2012-02-11 11:42 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2012-02-09 17:28 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:50 . 2012-02-11 11:42 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2012-02-11 08:00 . 2011-03-25 02:58 284672 c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbport.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 258560 c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbhub.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 258560 c:\windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_1584ed9878602b0f\usbhub.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 143744 c:\windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 117120 c:\windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 332160 c:\windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
+ 2010-11-20 21:29 . 2010-11-20 21:29 219648 c:\windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_92c343c9dc681a74\fsquirt.exe
+ 2012-02-11 08:00 . 2011-04-28 03:15 393728 c:\windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_92c343c9dc681a74\bthport.sys
+ 2009-07-14 04:51 . 2012-02-11 11:42 399360 c:\windows\System32\DriverStore\drvindex.dat
- 2009-07-14 04:51 . 2011-04-12 04:56 399360 c:\windows\System32\DriverStore\drvindex.dat
- 2010-11-20 21:29 . 2010-11-20 21:29 284672 c:\windows\System32\drivers\usbport.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 284672 c:\windows\System32\drivers\usbport.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 258560 c:\windows\System32\drivers\usbhub.sys
+ 2012-02-11 08:00 . 2011-03-25 02:58 258560 c:\windows\System32\drivers\usbhub.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 148864 c:\windows\System32\drivers\storport.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 148864 c:\windows\System32\drivers\storport.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 143744 c:\windows\System32\drivers\nvstor.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 143744 c:\windows\System32\drivers\nvstor.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 117120 c:\windows\System32\drivers\nvraid.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 117120 c:\windows\System32\drivers\nvraid.sys
+ 2012-02-11 08:00 . 2011-03-11 05:38 332160 c:\windows\System32\drivers\iaStorV.sys
- 2010-11-20 21:29 . 2010-11-20 21:29 332160 c:\windows\System32\drivers\iaStorV.sys
+ 2009-07-14 04:34 . 2012-02-11 12:18 102608 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-11 21:50 . 2012-02-11 21:50 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:47 . 2012-02-11 07:48 307092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-02-11 13:34 307092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-11 08:00 . 2011-03-11 05:28 1211264 c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 1211264 c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
+ 2012-02-11 08:00 . 2011-03-11 05:20 1699328 c:\windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.21680_none_f4259cfba3a7d619\esent.dll
+ 2012-02-11 08:00 . 2011-03-11 05:33 1699328 c:\windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17577_none_f3add2228a7bcbbf\esent.dll
- 2009-07-14 02:03 . 2012-02-11 07:48 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2012-02-11 11:42 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-02-11 08:00 . 2011-03-11 05:33 1699328 c:\windows\System32\esent.dll
- 2010-11-20 21:29 . 2010-11-20 21:29 1211264 c:\windows\System32\drivers\ntfs.sys
+ 2012-02-11 08:00 . 2011-03-11 05:39 1211264 c:\windows\System32\drivers\ntfs.sys
- 2009-07-14 04:34 . 2012-02-11 07:52 7183440 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2012-02-11 11:47 7183440 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
– Snapshot teruggezet naar huidige datum –
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
“ehTray.exe”=“c:\windows\ehome\ehTray.exe”
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“Acer Tour Reminder”=“”
.
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”
“RtHDVCpl”=“RtHDVCpl.exe”
“Skytel”=“Skytel.exe”
“Acer Tour Reminder”=“c:\acer\AcerTour\Reminder.exe”
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
“CanonMyPrinter”=“c:\program files\Canon\MyPrinter\BJMyPrt.exe”
“CanonSolutionMenuEx”=“c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE”
“eAudio”=“c:\acer\Empowering Technology\eAudio\eAudio.exe”
“eDataSecurity Loader”=“c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe”
“Malwarebytes' Anti-Malware”=“c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe”
“PlayMovie”=“c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe”
“SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_07\bin\jusched.exe”
“TkBellExe”=“c:\program files\Real\RealPlayer\Update\realsched.exe”
“WarReg_PopUp”=“c:\acer\WR_PopUp\WarReg_PopUp.exe”
“LManager”=“c:\progra~1\LAUNCH~1\LManager.exe”
.
c:\users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
“aux”=wdmaud.drv
.
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe
S2 Realtek11nSU;Realtek11nSU;c:\program files\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
— Andere Services/Drivers In Geheugen —
.
*Deregistered* - avgntflt
*Deregistered* - avkmgr
.
Inhoud van de ‘Gedeelde Taken’ map
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
.
——- Bijkomende Scan ——-
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
mStart Page = hxxp://nl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
.
.
“ImagePath”=“\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-02-12 09:05:51
ComboFix-quarantined-files.txt 2012-02-12 08:05
ComboFix2.txt 2012-02-11 10:19
ComboFix3.txt 2012-02-10 19:35
.
Pre-Run: 32.529.620.992 bytes beschikbaar
Post-Run: 32.478.420.992 bytes beschikbaar
.
- - End Of File - - 87D86CFD913517C7BBFF3698FBA92ADB
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:26, on 12-2-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: Skytel.exe
O4 - HKLM\..\Run: C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: “C:\Acer\Empowering Technology\eAudio\eAudio.exe”
O4 - HKLM\..\Run: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe”
O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Real\RealPlayer\Update\realsched.exe” -osboot
O4 - HKLM\..\Run: C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
–
End of file - 8255 bytes

Badoo

John Klerks

Jos H

Ben

John Klerks

fazantje

John klerks

Ben

John Klerks

Ben

John Klerks