Second HijackThis logfile


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:47, on 9-6-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O2 - BHO: BittorrentBar_NL - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CodecC - {AFC4B7C5-9BDE-4D72-9D2D-B9B9687D4F8E} - C:\ProgramData\CodecC\bhoclass.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tijn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABBD825-4E43-440D-8816-C270AADC813B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
O23 - Service: VMware View USB Control (wsnm_usbctrl) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe

---------- Post added at 22:38 ---------- Previous post was at 22:30 ----------

I posted the message a bit too quickly...!

So, the problem: Optimizer Pro.

I have since run HijackThis and MWAV; see below for the second HijackThis logfile. The MWAV logfile reports that no threats were found.

I would like to hear whether I still need to do anything with the results HijackThis reports.

Thanks in advance and regards, Tijn

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:47, on 9-6-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O2 - BHO: BittorrentBar_NL - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CodecC - {AFC4B7C5-9BDE-4D72-9D2D-B9B9687D4F8E} - C:\ProgramData\CodecC\bhoclass.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tijn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABBD825-4E43-440D-8816-C270AADC813B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
O23 - Service: VMware View USB Control (wsnm_usbctrl) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe

---------- Post added at 22:49 ---------- Previous post was at 22:38 ----------

And if I may add one more thing, how do I get rid of the following:

- Text Enhance

- The Bittorrent toolbar in Chrome


Optimizer Pro can simply be removed via the Control Panel.

Start HijackThis. Right-click the icon and choose "Run as administrator" or "Uitvoeren als administrator".

Select "Do a system scan only".

Tick only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O2 - BHO: BittorrentBar_NL - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: CodecC - {AFC4B7C5-9BDE-4D72-9D2D-B9B9687D4F8E} - C:\ProgramData\CodecC\bhoclass.dll
O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

Click 'Fix checked' to remove the items.

Then make a new log with HijackThis and also post the Malwarebytes log.

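To make the selection in the reply above reproducible, here is an added example (it is not part of this thread and not a HijackThis feature) that parses HijackThis 2.0.4 log lines of the form `<code> - <detail>` and flags the kinds of entries the reply singles out: empty R0/R1 values, anything that lives in the toolbar and adware directories named in the fix list, and any non-empty O20 AppInit_DLLs entry. The `UNWANTED_FRAGMENTS` list is an assumption built from the items ticked in that reply, not a vetted blocklist, and the sample lines are copied from the log posted above. Two practitioner notes: AppInit_DLLs are mapped into every process that loads user32.dll (on 64-bit Windows the value under Wow6432Node governs 32-bit processes), so the datamngr.dll entry belongs with the rest of the MediaBar items; and the many "(file missing)" O23 lines for %SystemRoot%\system32 services are the well-known side effect of running the 32-bit HijackThis 2.0.4 under WOW64 file-system redirection, not evidence of tampering, so the script does not treat them as findings.

```python
"""Parse Trend Micro HijackThis 2.0.4 log lines and flag the entries a
reviewer would single out.

Added example for this thread; it is not part of HijackThis.  The sample
lines below are copied from the log posted above, and UNWANTED_FRAGMENTS is
an assumption derived from the items the reply ticked, not a vetted list.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Every detail line has the shape "<code> - <rest>", e.g.
# "O2 - BHO: Name - {CLSID} - C:\path\file.dll".  Process-list and header
# lines do not match and are ignored.
_ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2})\s+-\s+(.*)$")
_CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Lower-cased path fragments of the components the reply told the poster to
# remove (assumption: built from that reply, not a HijackThis feature).
UNWANTED_FRAGMENTS = (
    "bittorrentbar",
    "babylontoolbar",
    "mediabar\\datamngr",
    "\\codecc\\",
    "optimizer pro",
    "mcafee security scan plus.lnk",
)


@dataclass
class Entry:
    code: str             # section code: "R0", "O2", "O20", ...
    text: str             # everything after "<code> - "
    clsid: Optional[str]  # first {CLSID} on the line, lower-cased, if any
    reasons: List[str]    # why the entry was flagged (empty = not flagged)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis detail line, None for any other line."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, text = m.group(1), m.group(2)
    c = _CLSID_RE.search(text)
    return Entry(code, text, c.group(0).lower() if c else None, [])


def classify(entry: Entry) -> Entry:
    """Attach a reason for each rule the entry trips."""
    low = entry.text.lower()
    # R0/R1 values that are empty: harmless, but the usual clean-up targets.
    if entry.code in ("R0", "R1") and low.endswith("="):
        entry.reasons.append("empty IE registry value")
    # Anything that lives in one of the unwanted component directories.
    for frag in UNWANTED_FRAGMENTS:
        if frag in low:
            entry.reasons.append(f"matches unwanted component '{frag}'")
            break
    # AppInit_DLLs are mapped into every process that loads user32.dll, so
    # a non-empty value is worth a look whoever the vendor is.
    if entry.code == "O20" and low.startswith("appinit_dlls:"):
        dlls = entry.text.split(":", 1)[1].split()
        entry.reasons.append(f"AppInit_DLLs injects {len(dlls)} DLL(s) into every process")
    return entry


def review(log_text: str) -> List[Entry]:
    """Parse a whole log and return only the entries that tripped a rule."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and classify(e).reasons:
            flagged.append(e)
    return flagged


def clsid_collisions(log_text: str) -> Dict[str, Set[str]]:
    """CLSIDs registered under more than one section (the same toolbar DLL as
    URLSearchHook, BHO and toolbar: R3 + O2 + O3), which is how the
    BittorrentBar shows up in the log above."""
    seen: Dict[str, Set[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and e.clsid:
            seen.setdefault(e.clsid, set()).add(e.code)
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\SysWOW64\rundll32.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BittorrentBar_NL - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O2 - BHO: CodecC - {AFC4B7C5-9BDE-4D72-9D2D-B9B9687D4F8E} - C:\ProgramData\CodecC\bhoclass.dll
O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.code:<4} {'; '.join(e.reasons)}\n     {e.text}")
    for clsid, codes in clsid_collisions(SAMPLE_LOG).items():
        print(f"{clsid} registered as {sorted(codes)}")
```

Run it against a full log saved from HijackThis and the flagged list should match the items ticked in the reply. Keep in mind that 'Fix checked' only removes the registry entries and the startup shortcut; the DLLs stay on disk, so the toolbars still need to be uninstalled (Control Panel or the vendor's uninstaller), after which a fresh scan should come back with nothing flagged.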

Thanks Kweezie,

I only had to remove a few things in HijackThis (SearchAssistant and CustomizeSearch and Global Startup: McAfee). I was in doubt about O20 - AppInit; the extension wasn't listed after it, so I left that one alone. Are these also the changes needed to get rid of Text Enhance?

The strange thing is that uninstalling the Bittorrent toolbar via the Control Panel doesn't work.

See the new logfiles below, regards, Tijn

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:47, on 9-6-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O2 - BHO: BittorrentBar_NL - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CodecC - {AFC4B7C5-9BDE-4D72-9D2D-B9B9687D4F8E} - C:\ProgramData\CodecC\bhoclass.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBitt.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tijn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABBD825-4E43-440D-8816-C270AADC813B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

O23 - Service: VMware View USB Control (wsnm_usbctrl) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe

Not sure whether this is the right file from MBAM - it had found one (1) detection

2012/06/11 08:02:35 +0200 TIJN-PC Tijn MESSAGE Starting protection

2012/06/11 08:02:37 +0200 TIJN-PC Tijn MESSAGE Protection started successfully

2012/06/11 08:02:40 +0200 TIJN-PC Tijn MESSAGE Starting IP protection

2012/06/11 08:02:41 +0200 TIJN-PC Tijn MESSAGE IP Protection started successfully

2012/06/11 09:36:24 +0200 TIJN-PC Tijn MESSAGE Starting protection

2012/06/11 09:36:25 +0200 TIJN-PC Tijn MESSAGE Protection started successfully

2012/06/11 09:36:28 +0200 TIJN-PC Tijn MESSAGE Starting IP protection

2012/06/11 09:36:29 +0200 TIJN-PC Tijn MESSAGE IP Protection started successfully

2012/06/11 15:16:18 +0200 TIJN-PC Tijn MESSAGE Starting protection

2012/06/11 15:16:19 +0200 TIJN-PC Tijn MESSAGE Protection started successfully

2012/06/11 15:16:22 +0200 TIJN-PC Tijn MESSAGE Starting IP protection

2012/06/11 15:16:23 +0200 TIJN-PC Tijn MESSAGE IP Protection started successfully

2012/06/11 15:22:40 +0200 TIJN-PC Tijn MESSAGE Executing scheduled update: Daily

2012/06/11 15:22:47 +0200 TIJN-PC Tijn MESSAGE Scheduled update executed successfully: database updated from version v2012.06.09.05 to version v2012.06.11.04

2012/06/11 15:22:47 +0200 TIJN-PC Tijn MESSAGE Starting database refresh

2012/06/11 15:22:47 +0200 TIJN-PC Tijn MESSAGE Stopping IP protection

2012/06/11 15:23:28 +0200 TIJN-PC Tijn MESSAGE IP Protection stopped

2012/06/11 15:23:29 +0200 TIJN-PC Tijn MESSAGE Database refreshed successfully

2012/06/11 15:23:29 +0200 TIJN-PC Tijn MESSAGE Starting IP protection

2012/06/11 15:23:30 +0200 TIJN-PC Tijn MESSAGE IP Protection started successfully

2012/06/11 23:15:17 +0200 TIJN-PC Tijn MESSAGE Starting database refresh

2012/06/11 23:15:17 +0200 TIJN-PC Tijn MESSAGE Stopping IP protection


You do indeed need to remove that with MBAM.

The HijackThis log is the same as the one you posted first (Scan saved at 10:36:47, on 9-6-2012).

You do need to remove that O20 - AppInit entry, because it is one of the possible culprits.

Can you then make a new log?

Hello Kweezie,

New log. HijackThis scans incredibly fast, by the way; within seconds it is already done.

That O20 - AppInit entry was already gone, by the way; I think because I removed that program with MBAM.

I keep seeing Text Enhance; the Bittorrent toolbar has now been removed from Chrome via Chrome's settings, but I can't get it out of the list of programs.

Thanks again for your reply! Regards, Tijn

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:13:28, on 12-6-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Tijn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [Google Update] "C:\Users\Tijn\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EABBD825-4E43-440D-8816-C270AADC813B}: NameServer = 208.67.222.222,208.67.220.220

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

O23 - Service: VMware View USB Control (wsnm_usbctrl) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe

--

End of file - 9243 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


Hi Kweezie,

I did indeed get the message and then clicked yes (=remove...), and promptly had no IE anymore. Then restarted the computer; IE 9 is now installed and the internet works again. I did lose all my bookmarks, but I can probably find them somewhere. Below is the log file; thanks in advance for your reply and regards, Tijn

ComboFix 12-06-12.01 - Tijn 12-06-2012 21:15:55.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7913.6139 [GMT 2:00]

Gestart vanuit: c:\users\Tijn\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

G:\Autorun.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-12 to 2012-06-12 ))))))))))))))))))))))))))))))

.

.

2012-06-12 19:19 . 2012-06-12 19:19 -------- d-----w- c:\users\Luca\AppData\Local\temp

2012-06-12 19:19 . 2012-06-12 19:19 -------- d-----w- c:\users\Iris\AppData\Local\temp

2012-06-12 19:19 . 2012-06-12 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-12 19:19 . 2012-06-12 19:19 -------- d-----w- c:\users\Cas\AppData\Local\temp

2012-06-12 19:19 . 2012-06-12 19:19 -------- d-----w- c:\users\Bregje\AppData\Local\temp

2012-06-11 20:17 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E14EE381-25EC-4274-8FB7-DC662FA9B912}\mpengine.dll

2012-06-10 19:18 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-09 20:00 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-06-09 08:34 . 2012-06-09 08:34 388096 ----a-r- c:\users\Tijn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-09 08:34 . 2012-06-09 08:34 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-08 22:35 . 2012-06-08 22:35 -------- d-----w- c:\users\Tijn\AppData\Roaming\Malwarebytes

2012-06-08 22:34 . 2012-06-08 22:34 -------- d-----w- c:\programdata\Malwarebytes

2012-06-08 22:34 . 2012-06-09 19:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-08 22:34 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-08 22:16 . 2012-06-08 22:31 -------- d-----w- C:\sh4ldr

2012-06-08 22:16 . 2012-06-08 22:16 -------- d-----w- c:\program files\Enigma Software Group

2012-06-08 22:14 . 2012-06-08 22:31 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-06-08 22:14 . 2012-06-08 22:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-05-18 07:09 . 2012-05-18 07:09 -------- d-----w- c:\users\Luca\AppData\Local\Apple

2012-05-14 19:58 . 2012-05-14 19:58 -------- d-----w- c:\users\Tijn\AppData\Roaming\VMware

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-31 06:05 . 2012-05-09 17:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-09 17:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-09 17:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-09 17:24 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 11:35 . 2012-05-09 17:24 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-20 18:44 . 2011-04-27 14:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44 . 2011-04-18 12:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-19 21:44 . 2012-03-19 21:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe

2012-03-19 21:44 . 2012-03-19 21:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-03-19 21:44 . 2012-03-19 21:44 439064 ----a-w- c:\windows\system32\igfxpers.exe

2012-03-19 21:44 . 2012-03-19 21:44 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-03-19 21:44 . 2012-03-19 21:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-03-19 21:44 . 2012-03-19 21:44 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-03-19 21:44 . 2012-03-19 21:44 184600 ----a-w- c:\windows\system32\difx64.exe

2012-03-19 21:44 . 2012-03-19 21:44 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-03-19 21:42 . 2012-03-19 21:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll

2012-03-19 21:32 . 2012-03-19 21:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-03-19 21:31 . 2012-03-19 21:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll

2012-03-19 21:31 . 2012-03-19 21:31 963912 ----a-w- c:\windows\system32\igkrng600.bin

2012-03-19 21:31 . 2012-03-19 21:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin

2012-03-19 21:31 . 2012-03-19 21:31 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-03-19 21:26 . 2011-08-31 18:47 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-03-19 21:25 . 2012-03-19 21:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-03-19 21:22 . 2011-08-31 18:42 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-03-19 21:11 . 2011-08-31 18:37 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-03-19 20:31 . 2012-03-19 20:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll

2012-03-19 20:21 . 2012-03-19 20:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-03-19 20:18 . 2012-03-19 20:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-03-19 20:18 . 2012-03-19 20:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-03-19 20:18 . 2012-03-19 20:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-03-19 20:18 . 2012-03-19 20:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-03-19 20:18 . 2012-03-19 20:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-03-19 20:18 . 2012-03-19 20:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-03-19 20:18 . 2012-03-19 20:18 386560 ----a-w- c:\windows\system32\igfxpph.dll

2012-03-19 20:18 . 2012-03-19 20:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-03-19 20:17 . 2012-03-19 20:17 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-03-19 20:17 . 2011-08-31 18:21 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-03-19 20:17 . 2011-08-31 18:20 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-03-19 20:17 . 2012-03-19 20:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-03-19 20:17 . 2012-03-19 20:17 434688 ----a-w- c:\windows\system32\igfxdev.dll

2012-03-19 20:17 . 2012-03-19 20:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-03-19 20:16 . 2012-03-19 20:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-03-19 20:16 . 2012-03-19 20:16 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-03-19 20:16 . 2011-08-31 18:20 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-03-19 20:12 . 2012-03-19 20:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2012-03-19 20:11 . 2012-03-19 20:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-03-19 20:09 . 2012-03-19 20:09 524800 ----a-w- c:\windows\system32\iglhsip64.dll

2012-03-19 20:09 . 2012-03-19 20:09 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2012-03-19 20:09 . 2012-03-19 20:09 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll

2012-03-19 20:09 . 2012-03-19 20:09 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2012-03-19 20:09 . 2012-03-19 20:09 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2012-03-19 20:09 . 2012-03-19 20:09 213504 ----a-w- c:\windows\system32\iglhcp64.dll

2012-03-19 20:09 . 2012-03-19 20:09 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll

2012-03-19 20:09 . 2012-03-19 20:09 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2012-03-17 07:58 . 2012-05-09 17:24 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 116648]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 116648]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-18 494192]

S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-18 1120368]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 17:04]

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 17:04]

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065007715-4146422663-686824172-1000Core.job

- c:\users\Tijn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15 10:26]

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065007715-4146422663-686824172-1000UA.job

- c:\users\Tijn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15 10:26]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

TCP: Interfaces\{EABBD825-4E43-440D-8816-C270AADC813B}: NameServer = 208.67.222.222,208.67.220.220

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

Toolbar-10 - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1065007715-4146422663-686824172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1065007715-4146422663-686824172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-12 21:51:37 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-12 19:51

.

Pre-Run: 156.179.566.592 bytes beschikbaar

Post-Run: 156.527.091.712 bytes beschikbaar

.

- - End Of File - - C80017229F518D14D0AC19735D224094


Open a new Notepad file.

Copy and paste the bold text below into it.

Folder::

C:\sh4ldr

File::

c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP

Save this file to your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message


Hello Kweezie! All in all quite a process.

I first started ComboFix normally. Later once more by dragging the text file onto the shortcut on the desktop. Restarted the PC once. And below is the result in the form of the logfile. Thanks for your support with this, regards, Tijn

ComboFix 12-06-12.03 - Tijn 13-06-2012 8:16.3.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7913.6145 [GMT 2:00]

Gestart vanuit: c:\users\Tijn\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Tijn\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\sh4ldr

c:\sh4ldr\shldr.mbr

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-13 to 2012-06-13 ))))))))))))))))))))))))))))))

.

.

2012-06-13 06:19 . 2012-06-13 06:19 -------- d-----w- c:\users\Luca\AppData\Local\temp

2012-06-13 06:19 . 2012-06-13 06:19 -------- d-----w- c:\users\Iris\AppData\Local\temp

2012-06-13 06:19 . 2012-06-13 06:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-13 06:19 . 2012-06-13 06:19 -------- d-----w- c:\users\Cas\AppData\Local\temp

2012-06-13 06:19 . 2012-06-13 06:19 -------- d-----w- c:\users\Bregje\AppData\Local\temp

2012-06-12 20:30 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B66969FC-02BE-44EB-A8AC-DEDE8C36561C}\mpengine.dll

2012-06-11 20:17 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-09 20:00 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-06-09 08:34 . 2012-06-09 08:34 388096 ----a-r- c:\users\Tijn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-09 08:34 . 2012-06-09 08:34 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-08 22:35 . 2012-06-08 22:35 -------- d-----w- c:\users\Tijn\AppData\Roaming\Malwarebytes

2012-06-08 22:34 . 2012-06-08 22:34 -------- d-----w- c:\programdata\Malwarebytes

2012-06-08 22:34 . 2012-06-09 19:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-08 22:34 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-08 22:16 . 2012-06-08 22:16 -------- d-----w- c:\program files\Enigma Software Group

2012-06-08 22:14 . 2012-06-08 22:31 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-06-08 22:14 . 2012-06-08 22:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-05-18 07:09 . 2012-05-18 07:09 -------- d-----w- c:\users\Luca\AppData\Local\Apple

2012-05-14 19:58 . 2012-05-14 19:58 -------- d-----w- c:\users\Tijn\AppData\Roaming\VMware

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-31 06:05 . 2012-05-09 17:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-09 17:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-09 17:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-09 17:24 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 11:35 . 2012-05-09 17:24 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-20 18:44 . 2011-04-27 14:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44 . 2011-04-18 12:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-19 21:44 . 2012-03-19 21:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe

2012-03-19 21:44 . 2012-03-19 21:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-03-19 21:44 . 2012-03-19 21:44 439064 ----a-w- c:\windows\system32\igfxpers.exe

2012-03-19 21:44 . 2012-03-19 21:44 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-03-19 21:44 . 2012-03-19 21:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-03-19 21:44 . 2012-03-19 21:44 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-03-19 21:44 . 2012-03-19 21:44 184600 ----a-w- c:\windows\system32\difx64.exe

2012-03-19 21:44 . 2012-03-19 21:44 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-03-19 21:42 . 2012-03-19 21:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll

2012-03-19 21:32 . 2012-03-19 21:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-03-19 21:31 . 2012-03-19 21:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll

2012-03-19 21:31 . 2012-03-19 21:31 963912 ----a-w- c:\windows\system32\igkrng600.bin

2012-03-19 21:31 . 2012-03-19 21:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin

2012-03-19 21:31 . 2012-03-19 21:31 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-03-19 21:26 . 2011-08-31 18:47 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-03-19 21:25 . 2012-03-19 21:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-03-19 21:22 . 2011-08-31 18:42 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-03-19 21:11 . 2011-08-31 18:37 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-03-19 20:31 . 2012-03-19 20:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll

2012-03-19 20:21 . 2012-03-19 20:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-03-19 20:18 . 2012-03-19 20:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-03-19 20:18 . 2012-03-19 20:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-03-19 20:18 . 2012-03-19 20:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-03-19 20:18 . 2012-03-19 20:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-03-19 20:18 . 2012-03-19 20:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-03-19 20:18 . 2012-03-19 20:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-03-19 20:18 . 2012-03-19 20:18 386560 ----a-w- c:\windows\system32\igfxpph.dll

2012-03-19 20:18 . 2012-03-19 20:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-03-19 20:17 . 2012-03-19 20:17 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-03-19 20:17 . 2011-08-31 18:21 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-03-19 20:17 . 2011-08-31 18:20 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-03-19 20:17 . 2012-03-19 20:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-03-19 20:17 . 2012-03-19 20:17 434688 ----a-w- c:\windows\system32\igfxdev.dll

2012-03-19 20:17 . 2012-03-19 20:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-03-19 20:16 . 2012-03-19 20:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-03-19 20:16 . 2012-03-19 20:16 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-03-19 20:16 . 2011-08-31 18:20 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-03-19 20:12 . 2012-03-19 20:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2012-03-19 20:11 . 2012-03-19 20:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-03-19 20:09 . 2012-03-19 20:09 524800 ----a-w- c:\windows\system32\iglhsip64.dll

2012-03-19 20:09 . 2012-03-19 20:09 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2012-03-19 20:09 . 2012-03-19 20:09 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll

2012-03-19 20:09 . 2012-03-19 20:09 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2012-03-19 20:09 . 2012-03-19 20:09 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2012-03-19 20:09 . 2012-03-19 20:09 213504 ----a-w- c:\windows\system32\iglhcp64.dll

2012-03-19 20:09 . 2012-03-19 20:09 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll

2012-03-19 20:09 . 2012-03-19 20:09 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2012-03-17 07:58 . 2012-05-09 17:24 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-12_19.49.47 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-01-14 21:26 . 2012-06-12 07:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-14 21:26 . 2012-06-12 20:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-01-14 21:26 . 2012-06-12 07:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-01-14 21:26 . 2012-06-12 20:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-12 07:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-12 20:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-06-13 06:20 . 2012-06-13 06:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-12 19:21 . 2012-06-12 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-12 19:21 . 2012-06-12 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-13 06:20 . 2012-06-13 06:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-04-12 13:00 . 2012-06-13 06:12 703426 c:\windows\system32\perfh013.dat

- 2011-04-12 13:00 . 2012-06-12 19:25 703426 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-06-13 06:12 617910 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-12 19:25 617910 c:\windows\system32\perfh009.dat

+ 2011-04-12 13:00 . 2012-06-13 06:12 134358 c:\windows\system32\perfc013.dat

- 2011-04-12 13:00 . 2012-06-12 19:25 134358 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-06-13 06:12 107190 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-06-12 19:25 107190 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-06-12 19:20 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-13 06:19 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-01-15 21:58 . 2012-06-13 06:19 6875592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1065007715-4146422663-686824172-1000-8192.dat

- 2012-01-15 21:58 . 2012-06-12 19:20 6875592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1065007715-4146422663-686824172-1000-8192.dat

+ 2012-01-15 21:58 . 2012-06-12 21:54 2158060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1065007715-4146422663-686824172-1000-4096.dat

- 2012-01-15 21:58 . 2012-06-09 20:19 2158060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1065007715-4146422663-686824172-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

2;2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 116648]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 116648]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-18 494192]

S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-18 1120368]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 17:04]

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 17:04]

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065007715-4146422663-686824172-1000Core.job

- c:\users\Tijn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15 10:26]

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065007715-4146422663-686824172-1000UA.job

- c:\users\Tijn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15 10:26]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

TCP: Interfaces\{EABBD825-4E43-440D-8816-C270AADC813B}: NameServer = 208.67.222.222,208.67.220.220

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1065007715-4146422663-686824172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1065007715-4146422663-686824172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-13 08:23:05 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-13 06:23

ComboFix2.txt 2012-06-13 05:58

ComboFix3.txt 2012-06-12 19:51

.

Pre-Run: 155.749.629.952 bytes beschikbaar

Post-Run: 155.665.883.136 bytes beschikbaar

.

- - End Of File - - 900EACADBA31BCD43808DA3919A64D8B
