Hi,
Every now and then a games website spontaneously pops up on my screen. It is opened by Internet Explorer, even though I never use it. I can just click it away and carry on, and it only appears sporadically.
Here are all the logs, including a ComboFix log in advance:
Here are my logs, just to be sure:
# AdwCleaner v2.107 - Verslag gemaakt op 24/01/2013 om 17:35:14
# Geactualiseerd op 21/01/2013 door Xplode
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Gebruiker : Ronald - RONALD-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : F:\adwcleaner.exe
# Optie
***** *****
***** *****
***** *****
***** *****
-\\ Internet Explorer v9.0.8112.16457
Het register bevat geen enkele ongeoorloofde invoer.
-\\ Mozilla Firefox v18.0.1 (nl)
File : C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\ikbh7m58.default\prefs.js
De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner.txt - ##########
Here is Malwarebytes, of which I have the paid version, by the way:
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Databaseversie: v2013.01.24.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ronald :: RONALD-PC
Bescherming: Ingeschakeld
24-1-2013 17:25:25
mbam-log-2013-01-24 (17-25-25).txt
Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 355682
Verstreken tijd: 7 minuut/minuten, 30 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:38:11, on 24-1-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Nexus Radio\Nexus Radio.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spotnet\Spotnet.exe
C:\Program Files (x86)\Spotnet\SABnzbd.exe
F:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: "C:\Program Files (x86)\Cobian Backup 10\Cobian.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKUS\S-1-5-21-3485982240-1827776346-149275893-1002\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3485982240-1827776346-149275893-1002\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-3485982240-1827776346-149275893-1002 User Startup: RUN.CMD (User 'UpdatusUser')
O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8771 bytes
Also ran TDSSKiller; it finds nothing.
And here is the ComboFix log in advance:
ComboFix 13-01-24.02 - Ronald 24-01-2013 18:46:43.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.16301.12392
Gestart vanuit: F:\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-24 to 2013-01-24 ))))))))))))))))))))))))))))))
.
.
2013-01-24 17:48 . 2013-01-24 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-24 16:37 . 2013-01-24 16:37 -------- d-----w- c:\program files (x86)\ESET
2013-01-22 07:05 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15E0EC34-CB48-49E7-A130-528DF35EF5B1}\mpengine.dll
2013-01-16 14:33 . 2013-01-16 14:33 -------- d-----w- c:\programdata\Canneverbe Limited
2013-01-16 14:16 . 2013-01-16 14:16 -------- d-----w- c:\program files (x86)\LSoft Technologies
2013-01-14 12:53 . 2013-01-14 12:53 -------- d-----w- c:\windows\ERUNT
2013-01-14 12:53 . 2013-01-14 12:53 -------- d-----w- C:\JRT
2013-01-13 20:09 . 2013-01-13 20:09 -------- d-----w- c:\users\Administrator
2013-01-13 08:55 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-01-13 08:55 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2013-01-13 08:54 . 2013-01-13 08:54 -------- d-----w- c:\program files (x86)\Winamp Detect
2013-01-13 08:54 . 2013-01-13 08:54 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-01-13 08:54 . 2013-01-13 08:55 -------- d-----w- c:\program files (x86)\Winamp
2013-01-12 23:15 . 2008-10-17 19:04 179712 ------w- c:\windows\system32\BrfxDA5b.dll
2013-01-12 23:15 . 2007-12-13 21:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2013-01-12 23:15 . 2007-12-13 21:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2013-01-12 23:15 . 2007-01-15 20:54 12288 ------w- c:\windows\SysWow64\BrDctF2S.dll
2013-01-12 23:15 . 2006-12-28 12:39 176128 ------w- c:\windows\SysWow64\BroSNMP.dll
2013-01-12 23:15 . 2013-01-12 23:15 -------- d-----w- c:\program files (x86)\Brother
2013-01-12 23:15 . 2008-06-17 14:33 167936 ------w- c:\windows\SysWow64\NSSearch.dll
2013-01-12 23:15 . 2013-01-12 23:15 -------- d-----w- c:\programdata\Brother
2013-01-12 15:29 . 2013-01-12 15:29 -------- d-----w- c:\program files (x86)\Google
2013-01-12 15:14 . 2013-01-19 20:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-12 15:11 . 2013-01-12 15:11 -------- d-----w- c:\programdata\Malwarebytes
2013-01-12 15:11 . 2013-01-12 15:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-12 15:11 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-12 15:03 . 2013-01-12 15:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-12 14:58 . 2013-01-12 14:58 -------- d-----w- c:\program files\CCleaner
2013-01-12 14:57 . 2013-01-12 14:57 -------- d-----w- c:\program files (x86)\MahJong Medley
2013-01-12 14:57 . 2013-01-12 14:57 -------- d-----w- c:\program files (x86)\Dont Angry
2013-01-12 14:57 . 2013-01-12 14:57 -------- d-----w- c:\program files\AdventurePinballDemo
2013-01-12 14:56 . 2013-01-12 14:56 -------- d-----w- c:\program files (x86)\Thinking Blocks
2013-01-12 14:54 . 2013-01-12 14:54 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-01-12 14:53 . 2013-01-12 14:53 -------- d-----w- c:\windows\SysWow64\C2MP
2013-01-12 14:53 . 2013-01-12 14:53 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-01-12 14:51 . 2013-01-12 14:51 -------- d-----w- c:\program files (x86)\CDBurnerXP
2013-01-12 14:50 . 2013-01-12 14:50 -------- d-----w- c:\program files (x86)\Araneae
2013-01-12 14:49 . 2013-01-12 14:49 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2013-01-12 14:49 . 2013-01-12 14:49 -------- d-----w- c:\program files (x86)\Xiph.Org
2013-01-12 14:48 . 2013-01-12 14:48 -------- d-----w- c:\program files (x86)\Calibre2
2013-01-12 14:48 . 2013-01-12 14:48 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2013-01-12 14:47 . 2013-01-12 14:47 -------- d-----w- c:\program files (x86)\FastCopy
2013-01-12 14:45 . 2013-01-24 16:24 -------- d-----w- c:\program files (x86)\Nexus Radio
2013-01-12 14:45 . 2013-01-12 14:45 -------- d-----w- c:\windows\SysWow64\Nexus Radio
2013-01-12 14:45 . 2013-01-12 14:45 -------- d-----w- C:\My Plugins
2013-01-12 14:45 . 2013-01-12 14:45 -------- d-----w- C:\My Saved Files
2013-01-12 14:45 . 2013-01-12 14:45 -------- d-----w- C:\My Recorded Files
2013-01-12 14:44 . 2013-01-12 14:44 -------- d-----w- c:\program files (x86)\GrabIt
2013-01-12 14:39 . 2013-01-12 15:52 -------- d-----w- c:\programdata\Spotnet
2013-01-12 14:39 . 2013-01-12 14:43 -------- d-----w- c:\program files (x86)\Spotnet
2013-01-12 11:45 . 2013-01-12 11:45 -------- d-----w- c:\program files\Microsoft Silverlight
2013-01-12 11:45 . 2013-01-12 11:45 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-01-12 11:44 . 2013-01-12 11:44 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2013-01-12 11:33 . 2010-10-05 19:50 8192 ----a-w- c:\windows\SysWow64\drivers\IntelMEFWVer.dll
2013-01-12 11:33 . 2010-10-05 19:50 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2013-01-12 11:33 . 2013-01-12 11:33 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2013-01-12 11:33 . 2013-01-12 11:33 -------- d-----w- c:\program files (x86)\Etron Technology
2013-01-12 11:31 . 2011-07-22 11:35 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
2013-01-12 11:29 . 2013-01-12 11:47 -------- d-----w- c:\program files (x86)\Intel
2013-01-12 11:29 . 2010-12-23 03:09 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2013-01-12 11:29 . 2013-01-12 11:30 -------- d-----w- C:\Intel
2013-01-12 11:28 . 2013-01-12 15:05 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-01-12 11:27 . 2013-01-12 11:27 -------- d-----w- c:\windows\PCHEALTH
2013-01-12 11:26 . 2013-01-12 11:26 -------- d-----w- c:\program files\Microsoft Office
2013-01-12 11:26 . 2013-01-12 11:26 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-01-12 11:26 . 2013-01-12 15:10 -------- d-----w- c:\programdata\Microsoft Help
2013-01-12 11:26 . 2013-01-12 11:26 -------- d-----r- C:\MSOCache
2013-01-12 11:21 . 2013-01-19 10:22 -------- d-----w- c:\users\Ronald
2013-01-12 11:21 . 2013-01-12 11:21 -------- d-----w- C:\Recovery
2013-01-12 11:21 . 2013-01-12 11:21 -------- d-sh--we c:\users\Default\Sjablonen
2013-01-12 11:21 . 2013-01-12 11:21 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving
2013-01-12 11:21 . 2013-01-12 11:21 -------- d-sh--we c:\users\Default\Mijn documenten
2013-01-12 11:21 . 2013-01-12 11:21 -------- d-sh--we c:\users\Default\Menu Start
2013-01-12 11:21 . 2013-01-12 11:21 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis
2013-01-09 11:43 . 2012-06-12 21:00 726160 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-01-08 20:38 . 2013-01-08 20:38 -------- d-----w- c:\program files\ESET
2013-01-08 20:29 . 2013-01-08 20:29 -------- d-----w- c:\programdata\Shark007
2013-01-08 20:29 . 2013-01-08 20:29 -------- d-----w- c:\program files\Shark007
2013-01-08 20:29 . 2012-11-27 04:58 4282368 ----a-w- c:\windows\system32\x264vfw.dll
2013-01-08 20:29 . 2012-07-21 10:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2013-01-08 20:29 . 2012-07-21 10:54 361472 ----a-w- c:\windows\system32\aacacm.acm
2013-01-08 20:29 . 2012-06-09 17:21 206336 ----a-w- c:\windows\system32\unrar.dll
2013-01-08 20:29 . 2009-08-11 16:22 580096 ----a-w- c:\windows\system32\ac3filter.acm
2013-01-08 20:29 . 2009-01-22 20:51 124909 ----a-w- c:\windows\system32\pthreadGC2.dll
2013-01-08 20:27 . 2013-01-13 20:09 -------- d-----w- c:\program files (x86)\Win7codecs
2013-01-08 20:27 . 2013-01-13 20:09 -------- d-----w- c:\programdata\Win7codecs
2013-01-08 20:26 . 2013-01-08 20:26 959976 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-08 20:26 . 2013-01-08 20:26 308200 ----a-w- c:\windows\system32\javaws.exe
2013-01-08 20:26 . 2013-01-08 20:26 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-08 20:26 . 2013-01-08 20:26 188392 ----a-w- c:\windows\system32\javaw.exe
2013-01-08 20:26 . 2013-01-08 20:26 188392 ----a-w- c:\windows\system32\java.exe
2013-01-08 20:26 . 2013-01-08 20:26 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-08 20:26 . 2013-01-08 20:26 -------- d-----w- c:\program files\Java
2013-01-08 20:26 . 2013-01-08 20:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-08 20:25 . 2013-01-08 20:25 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-08 20:25 . 2013-01-08 20:25 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-08 20:25 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-08 20:25 . 2013-01-14 19:59 -------- d-----w- c:\program files (x86)\Java
2013-01-08 20:24 . 2013-01-08 20:24 70584 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 20:24 . 2013-01-08 20:24 691128 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 20:24 . 2013-01-08 20:24 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-08 20:24 . 2013-01-08 20:24 -------- d-----w- c:\windows\system32\Macromed
2013-01-08 20:18 . 2013-01-08 20:18 -------- d-----w- c:\program files\WinRAR
2013-01-08 19:40 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-01-08 19:40 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-01-08 19:40 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-01-08 19:40 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-01-08 19:40 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-01-08 19:40 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-01-08 19:40 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-01-08 19:40 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-01-08 19:40 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-01-08 19:40 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-01-08 19:39 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-01-08 19:39 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-01-08 19:39 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-01-08 19:39 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-01-08 19:39 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-01-08 19:39 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-01-08 19:39 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-01-08 19:39 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-01-08 19:39 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-01-08 19:39 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-01-08 19:31 . 2013-01-12 11:27 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-01-08 19:31 . 2013-01-18 14:47 -------- d-sh--w- c:\windows\Installer
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 21:37 . 2012-12-12 21:37 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-11-30 04:45 . 2013-01-08 18:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-16 12:56 . 2012-11-16 12:56 209808 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe"
"Cobian Backup 10"="c:\program files (x86)\Cobian Backup 10\Cobian.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe"
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RUN.CMD
.
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
"NoResolveTrack"= 1 (0x1)
.
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys
R3 BFNVis64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVa64.sys
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys
R3 IAMTVE;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys
R3 IAMTXPE;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x64.sys
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X64.sys
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 54669820
*Deregistered* - 54669820
.
.
--------- X64 Entries -----------
.
.
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe"
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe"
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\ikbh7m58.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.familiehuls.nl/
FF - ExtSQL: 2013-01-12 16:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\ikbh7m58.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-12 16:18; support@lastpass.com; c:\users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\ikbh7m58.default\extensions\support@lastpass.com
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_108_ActiveX.exe,-101"
.
"Enabled"=dword:00000001
.
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_108_ActiveX.exe"
.
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
@="{00020424-0000-0000-C000-000000000046}"
.
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_108_ActiveX.exe,-101"
.
"Enabled"=dword:00000001
.
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_108_ActiveX.exe"
.
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_108.ocx"
"ThreadingModel"="Apartment"
.
@="0"
.
@="ShockwaveFlash.ShockwaveFlash.11"
.
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_108.ocx, 1"
.
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
@="1.0"
.
@="ShockwaveFlash.ShockwaveFlash"
.
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_108.ocx"
"ThreadingModel"="Apartment"
.
@="FlashFactory.FlashFactory.1"
.
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_108.ocx, 1"
.
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
@="1.0"
.
@="FlashFactory.FlashFactory"
.
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
@="{00020424-0000-0000-C000-000000000046}"
.
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-01-24 18:50:04
ComboFix-quarantined-files.txt 2013-01-24 17:50
ComboFix2.txt 2013-01-22 17:39
.
Pre-Run: 74.354.917.376 bytes beschikbaar
Post-Run: 74.191.634.432 bytes beschikbaar
.
- - End Of File - - E9B9A3AB19FBA31B99A7EC7992174ABD