hotdates

Member
  • Items

    25
hotdates's achievements

  1. Every time it shows signed in on my PC and then home pc 1, home pc 2, home pc 3, etc. ---------- Post added at 10:10 ---------- Previous post was at 10:09 ---------- I have already set a different password too.
  2. ComboFix 12-02-11.03 - sexy hotje 11-02-2012 22:04:17.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8122.5580 [GMT 1:00] Gestart vanuit: c:\users\sexy hotje\Desktop\ComboFix.exe AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Aanwezig AV is actief . . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\sexy hotje\AppData\Local\Temp\ppcrlui_4608_2 c:\users\SEXYHO~1\AppData\Local\Temp\ppcrlui_4608_2 c:\windows\system32\GroupPolicy\Machine\Registry.pol . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))) . . 2012-02-11 08:07 . 2011-10-04 16:22 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-11 08:06 . 2012-02-11 08:06 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{003B199E-BC97-48CF-86E4-8A03270E2D45}\gapaengine.dll 2012-02-11 08:06 . 2012-01-17 03:39 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B33FAFA7-739B-4327-AE34-1355F544CE66}\mpengine.dll 2012-02-10 07:53 . 2012-02-10 07:53 -------- d-----w- c:\program files (x86)\Trend Micro 2012-02-09 22:47 . 2006-06-19 12:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll 2012-02-09 22:47 . 2006-05-25 14:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll 2012-02-09 22:47 . 2005-08-26 00:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll 2012-02-09 22:47 . 
2003-02-02 19:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll 2012-02-09 22:47 . 2002-03-06 00:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll 2012-02-09 22:47 . 2012-02-09 22:48 -------- d-----w- c:\program files (x86)\Trojan Remover 2012-02-09 22:47 . 2012-02-09 22:47 -------- d-----w- c:\programdata\Simply Super Software 2012-02-09 21:57 . 2012-02-09 21:57 -------- d-----w- c:\program files (x86)\EMCO 2012-02-09 08:45 . 2012-02-09 08:52 -------- d-----w- c:\program files\route 66 2012-02-05 17:07 . 2012-01-17 03:39 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-05 16:59 . 2012-02-05 16:59 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-02-05 16:59 . 2012-02-05 16:59 -------- d-----r- c:\program files (x86)\Skype 2012-02-05 16:59 . 2012-02-05 16:59 -------- d-----w- c:\programdata\Skype 2012-02-05 16:07 . 2012-02-05 16:07 -------- d-----w- c:\programdata\MumboJumbo 2012-02-05 15:16 . 2012-02-05 15:16 -------- d-----w- c:\programdata\Malwarebytes 2012-02-05 15:15 . 2012-02-05 15:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-05 15:15 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-05 13:41 . 2012-02-05 13:41 -------- d-----w- c:\program files\ESET 2012-02-05 13:33 . 2012-02-05 13:33 -------- d-----w- c:\program files\Microsoft Synchronization Services 2012-02-05 13:33 . 2012-02-05 13:33 -------- d-----w- c:\windows\PCHEALTH 2012-02-05 13:33 . 2012-02-05 13:33 -------- d-----w- c:\program files\Microsoft Sync Framework 2012-02-05 13:33 . 2012-02-05 13:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2012-02-05 13:31 . 2012-02-05 13:31 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-02-05 13:30 . 2012-02-05 13:30 -------- d-----w- c:\program files\Microsoft Analysis Services 2012-02-05 13:30 . 
2012-02-05 13:30 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2012-02-05 13:29 . 2012-02-05 17:12 -------- d-----w- c:\programdata\Microsoft Help 2012-02-05 13:22 . 2012-02-05 13:22 -------- d-----w- c:\program files (x86)\RapidShareManager 2012-02-05 12:36 . 2006-10-06 13:17 53248 ------w- c:\windows\Ctregrun.exe 2012-02-05 12:36 . 2000-05-22 15:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx 2012-02-05 11:56 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-02-05 11:56 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-02-05 11:54 . 2011-11-17 06:30 1740160 ----a-w- c:\windows\system32\ntdll.dll 2012-02-05 11:54 . 2011-11-17 05:31 1296200 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-02-05 11:53 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-02-05 11:53 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-02-05 11:52 . 2012-02-05 11:52 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-02-05 11:50 . 2003-06-12 22:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd 2012-02-05 11:48 . 2012-02-05 13:01 -------- d-----w- c:\programdata\Creative 2012-02-05 11:48 . 2009-03-26 13:48 190976 ----a-w- c:\windows\system32\APOMgr64.DLL 2012-02-05 11:48 . 2009-03-26 13:46 148480 ----a-w- c:\windows\SysWow64\APOMngr.DLL 2012-02-05 11:48 . 2009-02-06 17:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL 2012-02-05 11:48 . 2009-02-06 17:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL 2012-02-05 11:48 . 2012-02-05 11:48 -------- d-----w- c:\windows\SysWow64\Data 2012-02-05 11:48 . 2012-02-05 11:48 -------- d-----w- c:\windows\system32\DATA 2012-02-05 11:48 . 2012-02-05 11:48 -------- d-----w- c:\programdata\Brother 2012-02-05 11:43 . 2012-02-05 11:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-02-05 11:42 . 2012-02-05 11:43 -------- d-----w- c:\program files\Microsoft Security Client 2012-02-05 11:41 . 
2012-02-05 12:14 -------- d-----w- c:\users\sexy hotje 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\programdata\Sjablonen 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\programdata\Menu Start 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\programdata\Favorieten 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\programdata\Documenten 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\programdata\Bureaublad 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-----w- C:\Recovery 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\users\Default\Sjablonen 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\users\Default\Mijn documenten 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\users\Default\Menu Start 2012-02-05 11:39 . 2012-02-05 11:39 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis 2012-02-05 11:09 . 2012-02-05 11:09 0 ----a-w- c:\windows\ativpsrm.bin 2012-02-05 10:57 . 2012-02-05 10:57 -------- d-----w- c:\windows\ConfigSetRoot 2012-02-05 10:46 . 2012-02-05 10:46 -------- d-----w- C:\Windows.old 2012-02-03 11:43 . 2012-02-03 11:43 -------- d-----w- C:\Drivers 2012-01-29 08:08 . 2012-01-29 08:08 -------- d-----w- C:\hp_LJP2014_Full_Solution_ASIA . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "P17RunE"="P17RunE.dll" [2008-03-28 14848] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-02-09 1233856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 ATE_PROCMON;ATE_PROCMON;c:\program files (x86)\Anti Trojan Elite\ATEPMon.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-05 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-05 79360] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 NisDrv;Microsoft Network 
Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 Ph3xIB64;Philips 713x Inbox PCI TV 
Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3307594515-1446826183-677986355-1000Core.job - c:\users\sexy hotje\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-05 12:13] . 2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3307594515-1446826183-677986355-1000UA.job - c:\users\sexy hotje\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-05 12:13] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rocketdock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-02-05 4035152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.hln.be/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Verzenden naar OneNote - c:\program files\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.130.131.130 195.130.130.2 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKCU-Run-Anti Trojan Elite - c:\program files (x86)\Anti Trojan Elite\TJEnder.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\windows\SysWOW64\rundll32.exe . ************************************************************************** . 
Voltooingstijd: 2012-02-11 22:14:54 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-11 21:14 ComboFix2.txt 2012-02-01 20:16 ComboFix3.txt 2012-02-01 17:01 ComboFix4.txt 2012-01-31 15:39 . Pre-Run: 134.493.425.664 bytes beschikbaar Post-Run: 135.262.236.672 bytes beschikbaar . - - End Of File - - 991EF90657E06BA9E58D69BDA15115F3
  3. Dear Sir/Madam, I have done all of that and it stays the same. Kind regards
  4. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:05:37, on 11-2-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Users\sexy hotje\Desktop\pdw\PDW3_1.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: 
AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\sexy hotje\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Anti Trojan Elite] C:\Program Files (x86)\Anti Trojan Elite\TJEnder.exe :NO O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - 
HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: 
@%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9617 bytes
  5. I did that, but it doesn't help either. Every time I get a notification that I am signed in at 2 or 3 or 4 locations, and then my display picture changes and a link to a sex site appears. Kind regards
  6. Dear Sir/Madam, every time my Messenger display name changes to another name and a link to a sex site appears next to it. What can I do?
  7. Dear Sir/Madam, I have carried this out and everything works fine now. I want to thank you all for this help. Kind regards. PS: I have one more small question: could you perhaps help me find a good trojan killer? Kind regards
  8. Dear Sir/Madam, everything that has to do with Nero is turned off and it stays the same. Kind regards
  9. "DE HERSTELSERVICE KAN NIET WORDEN GESTARD" ("the repair service cannot be started"): when I do this I get this message. Kind regards
  10. Microsoft Windows [versie 6.0.6002] Copyright © 2006 Microsoft Corporation. Alle rechten voorbehouden. C:\Windows\system32>sfc /scannow. Microsoft ® Windows ® Broncontrole, versie 6.0 Copyright © 2006 Microsoft Corporation. Alle rechten voorbehouden. Hiermee wordt de integriteit van alle beveiligde systeembestanden gecontroleerd en worden ongeldige versies vervangen door geldige Microsoft- versies. SFC [/sCANNOW] [/VERIFYONLY] [/sCANFILE=<bestand>] [/VERIFYFILE=<bestand>] [/OFFWINDIR=<offline Windows-map> /OFFBOOTDIR=<offline opstartmap>] /SCANNOW De integriteit van alle beveiligde systeembestanden controleren, en de bestanden met problemen indien mogelijk herstellen. /VERIFYONLY De integriteit van alle beveiligde systeembestanden controleren. Geen herstelbewerkingen worden uitgevoerd. /SCANFILE De integriteit van het bestand waarnaar wordt verwezen controleren, en dit bestand herstellen als problemen zijn gevonden. Geef volledig pad <bestand> op. /VERIFYFILE De integriteit van het bestand met volledig pad <bestand> controleren. Geen herstelbewerking wordt uitgevoerd. /OFFBOOTDIR De locatie van de offline opstartmap, voor offline herstellen, opgeven. /OFFWINDIR De locatie vna de offline Windows-map, voor offline herstellen, opgeven. Voorbeelden: sfc /SCANNOW sfc /VERIFYFILE=c:\windows\system32\kernel32.dll sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows svc /VERIFYONLY C:\Windows\system32>
  11. That's right, I did it that way, and a small black window appears and immediately disappears again. What else can I do?