Check: slow computer

  • Johnny

    Hello,

    For a few days now my computer has been extremely slow.

    I don't know what could be causing it, so I thought I'd post a message here; you have always helped me well with this.

    All steps have been completed according to the step-by-step plan & "Run this first" (both from the sticky post).

    The logs:

    MBAM

    Malwarebytes Anti-Malware 1.60.1.1000

    www.malwarebytes.org

    Databaseversie: v2012.04.06.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Johnny :: JOHNNY-PC

    6-4-2012 22:13:24

    mbam-log-2012-04-06 (22-13-24).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 220264

    Verstreken tijd: 10 minuut/minuten,

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Hijackthis

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:31:36, on 6-4-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\PromptService.exe

    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    C:\Program Files (x86)\SABnzbd\SABnzbd.exe

    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

    C:\Users\Johnny\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe

    O1 - Hosts: 66.102.9.147 69.57.138.193

    O1 - Hosts: 66.102.9.147 www.craftedge.com

    O1 - Hosts: 66.102.9.147 craftedge.com

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: C:\Windows\PromptService.exe

    O4 - HKLM\..\Run: C:\Windows\PromptService64.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-21-3917834113-3457772731-4010868262-1001\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-3917834113-3457772731-4010868262-1001\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

    O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe

    O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

    O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Media Center 17 Service - JRiver, Inc. - C:\Program Files (x86)\J River\Media Center 17\JRService.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

    End of file - 10162 bytes

  • Ben

    Hello Johnny,

    Remove Spybot - Search & Destroy; it slows things down enormously.

    Click Start > (Settings) > Control Panel > Uninstall a program:

    Spybot - Search & Destroy

    Download ComboFix from >>Here<<; you can also read there how to use ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    1. Windows XP users will be asked, if necessary, to install the "Recovery Console"; allow this (an active internet connection is required for it).

    2. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    * (here or here is a guide on how to disable them)

    3. The computer may need to be restarted several times; this is normal.

    4. Double-click "Combofix.exe" to start the tool.

    5. Do not click in the ComboFix window while it is running; this can cause the 'tool' to hang.

    * Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

    6. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    After this, post the ComboFix log and a new HijackThis log.

    Regards, Ben

    Antivirusprikbord

  • Johnny

    Hello Ben,

    First of all, thanks for your reply.

    I have removed Spybot as you said.

    Here are the logs:

    Combofix

    ComboFix 12-04-07.02 - Johnny 07-04-2012 14:18:10.1.4 - x64

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3957.1398

    Gestart vanuit: c:\users\Johnny\Desktop\ComboFix.exe

    AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

    FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

    SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Aanwezig AV is actief

    .

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Johnny\AppData\Local\assembly\tmp

    c:\users\Johnny\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll

    c:\users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4cdl.lnk

    c:\windows\iun6002.exe

    c:\windows\SysWow64\aaisolv.dll

    c:\windows\SysWow64\muzapp.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-07 to 2012-04-07 ))))))))))))))))))))))))))))))

    .

    .

    2012-04-07 12:25 . 2012-04-07 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-04-06 20:30 . 2012-04-06 20:30 -------- d-----w- c:\program files (x86)\Trend Micro

    2012-04-06 20:24 . 2012-04-06 20:24 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-04-06 15:42 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F544A37B-B757-4062-8566-E1FC6EFCCF4F}\mpengine.dll

    2012-04-05 10:37 . 2011-12-23 18:58 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

    2012-04-05 10:36 . 2012-04-05 10:36 -------- d-----w- c:\program files (x86)\MarkAny

    2012-04-05 10:36 . 2011-12-23 18:58 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

    2012-04-05 10:36 . 2012-04-05 10:37 -------- d-----w- c:\program files (x86)\Samsung

    2012-04-05 10:36 . 2012-04-05 10:37 -------- d-----w- c:\programdata\Samsung

    2012-04-04 20:19 . 2012-04-04 20:19 -------- d-----w- c:\program files (x86)\Free Mouse Auto Clicker

    2012-04-04 17:47 . 2012-04-04 17:48 -------- d-----w- c:\program files (x86)\Mouse Click

    2012-04-04 17:47 . 2011-05-08 22:10 53248 ----a-w- c:\windows\SysWow64\MouseClick.exe

    2012-04-04 16:58 . 2012-04-04 16:58 -------- d-----w- c:\program files\BoneCraft

    2012-04-03 20:11 . 2012-04-03 22:16 -------- d-----w- c:\program files (x86)\SABnzbd

    2012-04-02 20:47 . 2012-04-02 20:47 -------- d-----w- c:\program files (x86)\GetData

    2012-04-02 20:43 . 2012-04-02 20:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-04-02 20:32 . 2003-12-16 16:13 34297 ------w- c:\windows\SysWow64\drivers\StMp3Rec.sys

    2012-04-02 20:32 . 2012-04-02 20:32 -------- d-----w- c:\program files (x86)\SigmaTel

    2012-04-02 20:20 . 2005-10-10 10:50 14336 ----a-w- c:\windows\system32\drivers\StMp3Recx64.sys

    2012-04-02 18:27 . 2012-04-02 18:27 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe

    2012-04-02 18:27 . 2012-04-02 18:27 -------- d-----w- c:\program files (x86)\Illustrate

    2012-04-01 15:19 . 2012-04-01 15:19 -------- d-----w- c:\program files (x86)\Wheaten

    2012-04-01 08:37 . 2012-04-01 08:37 -------- d-----w- c:\programdata\Microsoft Visual Studio

    2012-03-31 20:08 . 2012-03-31 20:08 -------- d-----w- c:\program files (x86)\Havij

    2012-03-31 20:08 . 2009-09-09 22:36 260096 ----a-w- c:\windows\SysWow64\RICHTX32.ocx

    2012-03-31 20:08 . 2004-03-08 21:30 124688 ----a-w- c:\windows\SysWow64\Mswinsck.ocx

    2012-03-31 20:08 . 2004-03-08 21:30 1081616 ----a-w- c:\windows\SysWow64\Mscomctl.ocx

    2012-03-31 20:08 . 2000-12-05 21:00 209608 ----a-w- c:\windows\SysWow64\tabctl32.ocx

    2012-03-31 20:08 . 2000-05-21 21:00 140488 ----a-w- c:\windows\SysWow64\comdlg32.ocx

    2012-03-31 20:08 . 1998-06-23 22:00 115016 ----a-w- c:\windows\SysWow64\MSInet.ocx

    2012-03-31 15:12 . 2012-03-31 15:12 -------- d-----w- c:\program files (x86)\AmIcoSingLun

    2012-03-31 15:12 . 2012-03-31 15:12 -------- d-----w- c:\programdata\AmUStor

    2012-03-31 11:44 . 2012-03-31 11:44 -------- d-----w- c:\program files (x86)\Duplicate Cleaner

    2012-03-29 22:16 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

    2012-03-29 22:15 . 2012-03-29 22:15 -------- d-----w- c:\program files (x86)\XBMC

    2012-03-29 21:42 . 2012-03-29 21:42 -------- d-----w- c:\windows\system32\appmgmt

    2012-03-29 21:28 . 2012-03-29 21:28 -------- d-----w- c:\program files (x86)\Medieval Software

    2012-03-29 21:03 . 2012-03-29 21:03 -------- d-----w- C:\test

    2012-03-29 20:53 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

    2012-03-29 20:53 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

    2012-03-29 20:53 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

    2012-03-29 20:53 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

    2012-03-29 20:52 . 2012-03-29 20:52 -------- d-----w- c:\windows\system32\RsFx

    2012-03-29 20:52 . 2012-03-29 20:52 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

    2012-03-29 20:36 . 2012-03-31 01:07 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules

    2012-03-29 20:36 . 2012-03-29 20:38 -------- d-----w- c:\program files (x86)\Microsoft F#

    2012-03-29 20:36 . 2012-03-29 20:37 -------- d-----w- c:\program files (x86)\HTML Help Workshop

    2012-03-29 20:36 . 2012-03-29 20:45 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

    2012-03-29 20:32 . 2012-03-29 20:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0

    2012-03-29 20:32 . 2012-03-29 20:51 -------- d-----w- c:\windows\system32\1033

    2012-03-29 20:32 . 2012-03-29 20:46 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

    2012-03-29 20:32 . 2012-03-29 20:46 -------- d-----w- c:\program files (x86)\Microsoft SDKs

    2012-03-29 20:32 . 2012-03-29 20:32 -------- d-----w- c:\windows\symbols

    2012-03-29 20:32 . 2012-03-29 20:32 -------- d-----w- c:\program files\Microsoft Help Viewer

    2012-03-29 17:40 . 2012-03-29 21:39 -------- d-----w- c:\program files (x86)\4chan Image Downloader

    2012-03-29 17:21 . 2012-03-29 17:22 -------- d-----w- C:\dump4chan

    2012-03-29 10:04 . 2012-03-29 11:54 -------- d-----w- c:\program files (x86)\CCEnhancer

    2012-03-26 23:24 . 2012-03-29 21:43 -------- d-----w- C:\WP

    2012-03-25 20:47 . 2012-03-25 20:47 -------- d-----w- c:\programdata\Xilisoft

    2012-03-25 20:47 . 2012-03-25 20:47 -------- d-----w- c:\program files (x86)\Xilisoft

    2012-03-23 23:02 . 2012-03-23 23:02 -------- d-----w- c:\programdata\PDVD

    2012-03-23 23:02 . 2012-03-29 23:11 -------- d-----w- c:\users\Public\CyberLink

    2012-03-23 23:02 . 2012-03-23 23:03 -------- d-----w- c:\programdata\CyberLink

    2012-03-23 23:00 . 2012-03-23 23:00 -------- d-----w- c:\program files (x86)\CyberLink

    2012-03-23 22:59 . 2012-03-23 22:59 -------- d-----w- c:\programdata\install_clap

    2012-03-23 22:35 . 2012-03-23 22:35 -------- d-----w- c:\program files (x86)\flippit

    2012-03-23 15:46 . 2012-03-23 15:46 -------- d-----w- c:\programdata\Canneverbe Limited

    2012-03-23 15:33 . 2012-03-23 15:33 -------- d-----w- C:\AnyVideoStudio

    2012-03-23 15:33 . 2012-03-23 15:33 -------- d-----w- c:\program files (x86)\AviSynth 2.5

    2012-03-23 15:33 . 2011-03-02 17:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll

    2012-03-23 15:33 . 2009-08-17 08:54 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll

    2012-03-23 15:33 . 2008-12-22 04:46 351744 ----a-w- c:\windows\SysWow64\avisynth.dll

    2012-03-23 15:33 . 2004-02-22 15:11 719872 ----a-w- c:\windows\SysWow64\devil.dll

    2012-03-23 15:33 . 2009-08-17 08:54 438272 ----a-w- c:\windows\SysWow64\Mpeg2DecFilter.ax

    2012-03-23 15:33 . 2009-08-17 08:54 217088 ----a-w- c:\windows\SysWow64\CoreFLACDecoder.ax

    2012-03-23 15:33 . 2009-03-17 16:38 70656 ----a-w- c:\windows\SysWow64\RLAPEDec.ax

    2012-03-23 15:33 . 2012-03-23 15:33 -------- d-----w- c:\program files (x86)\GET Youtube Downloader Ultimate

    2012-03-23 14:41 . 2012-03-23 14:41 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

    2012-03-23 14:23 . 2012-03-23 14:24 -------- d-----w- c:\program files (x86)\Artisteer 3

    2012-03-22 21:27 . 2012-03-22 21:27 -------- d-----w- c:\program files (x86)\Rovio

    2012-03-21 18:48 . 2012-03-21 18:48 -------- d-----w- c:\program files (x86)\EA GAMES

    2012-03-21 18:48 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll

    2012-03-21 18:48 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll

    2012-03-21 15:45 . 2012-03-28 21:25 -------- d-----w- c:\programdata\vsosdk

    2012-03-20 20:41 . 2012-03-31 13:12 353792 ----a-w- c:\windows\PromptService64.exe

    2012-03-20 20:41 . 2012-03-31 13:12 266240 ----a-w- c:\windows\PromptService.exe

    2012-03-20 20:41 . 2012-03-20 20:42 125440 ----a-w- c:\windows\Secure64.dll

    2012-03-20 20:41 . 2012-03-20 20:41 98304 ----a-w- c:\windows\Secure.dll

    2012-03-20 20:41 . 2012-03-31 13:12 -------- d-----w- c:\program files (x86)\Folder Protect

    2012-03-20 20:36 . 2012-03-20 20:36 -------- d-----w- c:\program files (x86)\uTorrent

    2012-03-20 20:28 . 2012-03-20 20:28 -------- d-----w- c:\windows\Sun

    2012-03-20 17:14 . 2012-03-20 17:15 -------- d-----w- c:\program files (x86)\Slingo Time

    2012-03-20 17:14 . 2012-03-20 17:14 -------- d-----w- c:\program files\Slingo Time

    2012-03-20 17:14 . 2012-03-20 17:14 -------- d-----w- c:\program files (x86)\Games

    2012-03-20 17:06 . 2012-03-20 17:06 -------- d-----w- c:\programdata\Trymedia

    2012-03-20 17:06 . 2012-03-20 17:06 -------- d-----w- c:\program files (x86)\Slingo Quest Egypt

    2012-03-20 16:48 . 2012-03-20 16:48 -------- d-----w- c:\program files (x86)\Slingo Quest

    2012-03-20 16:48 . 2012-03-20 16:48 -------- d-----w- c:\program files (x86)\ReflexiveArcade

    2012-03-20 16:45 . 2012-03-20 16:45 -------- d-----w- c:\program files (x86)\Slingo Deluxe

    2012-03-20 16:45 . 2012-03-20 16:45 -------- d-----w- c:\program files\BFG

    2012-03-20 15:20 . 2012-03-20 15:20 286720 ------w- c:\windows\Setup1.exe

    2012-03-20 15:20 . 2012-03-20 15:20 73216 ----a-w- c:\windows\ST6UNST.EXE

    2012-03-20 15:00 . 2012-03-20 15:00 -------- d-----w- c:\program files (x86)\Elaborate Bytes

    2012-03-20 00:35 . 2012-03-20 00:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

    2012-03-20 00:25 . 2012-03-20 00:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe

    2012-03-18 19:33 . 2012-03-18 19:33 -------- d-----w- c:\program files (x86)\Common Files\Java

    2012-03-18 19:32 . 2012-03-18 19:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-03-18 19:32 . 2012-03-18 19:32 -------- d-----w- c:\program files (x86)\Java

    2012-03-18 08:26 . 2012-03-18 08:26 -------- d-----w- c:\program files\Defraggler

    2012-03-18 05:18 . 2012-03-18 05:18 -------- d-----w- c:\windows\SysWow64\wbem\en-US

    2012-03-18 05:18 . 2012-03-18 05:18 -------- d-----w- c:\windows\system32\wbem\en-US

    2012-03-18 05:18 . 2012-03-18 05:18 -------- d-----w- c:\windows\SysWow64\Wat

    2012-03-18 05:18 . 2012-03-18 05:18 -------- d-----w- c:\windows\system32\Wat

    2012-03-18 02:24 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-03-18 02:24 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-03-18 02:24 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-03-18 02:19 . 2012-03-18 02:19 766976 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

    2012-03-18 01:59 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

    2012-03-18 01:59 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

    2012-03-18 01:59 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

    2012-03-18 01:50 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-03-18 01:50 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-03-18 01:48 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-03-18 00:56 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

    2012-02-15 22:24 . 2012-02-15 22:24 203320 ----a-w- c:\windows\system32\drivers\ssudobex.sys

    2012-02-15 22:24 . 2012-02-15 22:24 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

    2012-02-15 22:24 . 2012-02-15 22:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe"

    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    .

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    "PromptService"="c:\windows\PromptService.exe"

    "PromptService64"="c:\windows\PromptService64.exe"

    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe"

    .

    c:\users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe

    .

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    "aux"=wdmaud.drv

    .

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys

    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys

    R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE

    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys

    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys

    R3 StMp3Recx64;Player Recovery Device Control Driver;c:\windows\system32\Drivers\StMp3Recx64.sys

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys

    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys

    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys

    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S1 WinFPdrv;WinFPdrv;SysWOW64\WinFPdrv.sys

    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control ;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

    S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe

    S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys

    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

    S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys

    S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

    S3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

    .

    .

    — Andere Services/Drivers In Geheugen —

    .

    *NewlyCreated* - WS2IFSL

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-04-07 c:\windows\Tasks\AutoKMS.job

    - c:\windows\AutoKMS.exe

    .

    2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917834113-3457772731-4010868262-1000Core.job

    - c:\users\Johnny\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917834113-3457772731-4010868262-1000UA.job

    - c:\users\Johnny\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    .

    ——— x86-64 ———–

    .

    .

    “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe”

    “egui”=“c:\program files\ESET\ESET Smart Security\egui.exe”

    “BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”

    “AmIcoSinglun64”=“c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe”

    .

    “LoadAppInit_DLLs”=0x0

    .

    ——- Bijkomende Scan ——-

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://google.nl/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.4.1

    FF - ProfilePath - c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\sew0ji3s.default\

    FF - prefs.js: browser.startup.homepage - hxxp://google.nl/

    FF - prefs.js: network.proxy.type - 0

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Wow6432Node-HKLM-Run-Driver Genius - (no file)

    SafeBoot-WinFPdrv.sys

    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe

    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

    AddRemove-Slingo Deluxe - c:\windows\iun6002.exe

    AddRemove-{2DC7D62A-FF31-4A0A-B881-9C769C96318F}_is1 - c:\program files (x86)\Mouse Click\unins000.exe

    .

    .

    .

    “ImagePath”=“\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“WindowsLiveMail.Email.1”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“WindowsLiveMail.VCard.1”

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.10”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker4”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    Voltooingstijd: 2012-04-07 14:33:07 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-04-07 12:33

    .

    Pre-Run: 96.308.125.696 bytes beschikbaar

    Post-Run: 96.240.324.608 bytes beschikbaar

    .

    - - End Of File - - AE4B57E51C90EA1404AB6062097072E4

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:36:43, on 7-4-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Program Files (x86)\SABnzbd\SABnzbd.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\PromptService.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Users\Johnny\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\Windows\PromptService.exe

    O4 - HKLM\..\Run: C:\Windows\PromptService64.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKUS\S-1-5-21-3917834113-3457772731-4010868262-1001\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-3917834113-3457772731-4010868262-1001\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe

    O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

    O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Media Center 17 Service - JRiver, Inc. - C:\Program Files (x86)\J River\Media Center 17\JRService.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

    End of file - 8952 bytes

  • Ben

    Hello Johnny,

    For the past few days my computer has been extremely slow.

    I don't know what could be causing it, so I thought I'd post a message here; you have always helped me well with this.

    There are a number of dubious programs on your PC, including:

    havij is a program for “hacking sites”

    Are you working with this yourself?

    What you get up to is your own business, but this way I don't know what I should remove,

    and what you want to keep? (you know yourself what can go and what can't)

    So my question is: is your PC running well again now, or are you still having problems?

    Regards, Ben

    Antivirusprikbord

  • Johnny

    Hello Ben,

    I use Havij to check the websites I build myself, to make sure that no SQL injection and the like is possible.

    That way I know for sure that I deliver secure websites (it is never 100% secure, but well, that's another story ;-) ) to my customers; I don't want to run into problems with this.

    You may make a list for me, if you want to, of programs that could possibly still go; then I can pick out which ones I do and don't want removed :)

    In any case, my PC is running a lot better now!

    Thanks for your help so far!

  • Ben

    Hello Johnny,

    You may make a list for me, if you want to, of programs that could possibly still go

    Just remove the programs you no longer use, and you know yourself which ones ;)

    1. ComboFix, this way please.

    Remove ComboFix: copy the command below (Ctrl + C):

    Combofix /Uninstall (note!!! the space before /Uninstall)

    Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.

    This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

    2. Download CCleaner

    When installing the latest CCleaner, Google Chrome is now (unfortunately) installed along with it.

    During installation you have to untick a checkbox so that Google Chrome is not installed.

    Install CCleaner and start CCleaner.

    • Click Cleaner in the left column.

    • Click Analyze and then Run Cleaner.

    • Next, click Registry in the left column and click Scan for Issues.

    • If errors are found, click Fix selected issues and OK.

    • You will then be asked whether to make a backup; click Yes and then choose Fix All Selected Issues.

    • Close CCleaner afterwards.

    3. Also remove all old system restore points, because there may still be infections in them.

    To remove Windows 7 system restore points, click here.

    Regards, Ben

    Antivirusprikbord

  • Johnny

    Hello Ben,

    Thanks for your help, my computer is faster again

This topic is closed; no more replies can be posted.