
Is my PC clean after an FTP leak via Gumblar?



Last week one of my websites turned out to have been hacked, and the host informed me that the FTP credentials of that site had been leaked, and that this happened via the Gumblar virus. The site is clean again and all FTP passwords have been changed, but I am still worried about whether the virus is actually gone from my laptop.

Usually I find the answer by looking at similar problems on a few forums, but this time I can't figure it out. I hope one of you can help me.

What I have done and what I have found:

I ran avast antivirus and MBAM; they found nothing.

But strange things have been happening over the last few weeks. Suspicious as I have become, I wonder whether I am still infected: every time I start up, the following window appears, and I have no idea what it relates to; Windows also just starts up normally.


Next I ran HijackThis (see the log at the bottom), and it immediately ran into the fact that the hosts file (see below) could not be scanned. Now I found somewhere that Gumblar also does something with that file.

Can someone tell me whether anything harmful has been left behind on my PC and, if so, how I can get rid of it?

Thanks in advance!

Here is the content of my hosts file:

# Copyright © 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:35:34, on 18-12-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Bluetooth Suite\BtvStack.exe

C:\Program Files\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

C:\Program Files\McAfee Security Scan\3.0.285\McUICnt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\OpenOffice.org 3\program\swriter.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Philippine\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Special Forces

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"

O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"

O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [googletalk] C:\Users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - Startup: Dropbox.lnk = Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe

O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 15125 bytes

- - - Updated - - -

Oh, I see that the picture did not come through. The window shows the following text:

Server Bezet.

Deze actie kan niet worden voltooid omdat het ander programma bezet is. Klik op activeren om naar dit programma over te schakelen en het probleem op te lossen.

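As an added example (not part of the original post): a Python check that lists the active, non-comment mappings in a hosts file, which is the part of the file that decides name resolution. The posted file contains only comments, so it yields no findings; the extra entries, the function names and the verdict labels are constructed for illustration.

```python
import ipaddress

# Abridged copy of the comment-only hosts file posted above.
POSTED_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
"""

# Constructed lines (not from the thread) showing what active entries look like.
CONSTRUCTED_EXTRA = """\
127.0.0.1 localhost
203.0.113.7 update.example.test www.example.test # constructed redirect
0.0.0.0 scanner.example.test
not-an-ip broken.example.test
"""


def active_entries(text):
    """Yield (line number, address field, hostnames) for non-comment lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if line:
            fields = line.split()
            yield lineno, fields[0], fields[1:]


def audit_hosts(text):
    """Return (lineno, verdict, address, hostnames) for entries worth reviewing."""
    findings = []
    for lineno, address, names in active_entries(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, "malformed", address, names))
            continue
        if not names:
            # An address without any hostname is not a valid mapping.
            findings.append((lineno, "malformed", address, names))
            continue
        if ip.is_loopback and all(n.lower() == "localhost" for n in names):
            continue  # the stock localhost mapping, nothing to review
        # Loopback or 0.0.0.0 makes the name unreachable; any other
        # address sends traffic for that name to a different machine.
        local = ip.is_loopback or ip.is_unspecified
        findings.append((lineno, "sinkhole" if local else "redirect", address, names))
    return findings


if __name__ == "__main__":
    print("posted file:", audit_hosts(POSTED_HOSTS))
    for finding in audit_hosts(POSTED_HOSTS + CONSTRUCTED_EXTRA):
        print(finding)
```
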

Go to Start - All Programs - Accessories.

Find the Command Prompt icon, right-click it, and choose “Run as administrator” from the list to open the Command Prompt.

Type: sc stop "Application Updater" and press Enter.

Type: sc delete "Application Updater" and press Enter.

Type exit and press Enter.

If you get an error message on any of these instructions, just continue with the next instruction.

Start HijackThis. Select “Scan”. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as “administrator” via right-click, “Run as administrator”. If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post, together with a new HijackThis log.

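An added example, not part of the thread and not the helper's selection method: a Python parser that splits a HijackThis log into its section codes and applies a few generic triage heuristics, which are assumptions made here for illustration. The sample lines are copied from the log posted above; a flag means "look at this entry", not "this is malware".

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in the thread (subset).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [googletalk] C:\Users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Meaning of the HijackThis section codes that occur in the posted log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "browser helper object",
    "O3": "IE toolbar", "O4": "autostart entry", "O9": "IE button/menu item",
    "O10": "Winsock LSP", "O16": "ActiveX download", "O18": "protocol handler",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def flags(code, detail):
    """Generic review heuristics (assumed for this example)."""
    low = detail.lower()
    found = []
    if low.endswith("(file missing)"):
        found.append("file missing")            # registry entry points at nothing
    if code == "O23" and " - unknown owner - " in low:
        found.append("unknown owner")           # service binary without vendor info
    if code == "O10":
        found.append("winsock lsp")             # sits in the network stack
    if code in ("O4", "O23") and "\\appdata\\" in low:
        found.append("autostart from user profile")  # user-writable location
    return found


def triage(log):
    """Return (code, section name, detail, flags) for entries with at least one flag."""
    result = []
    for code, detail in parse(log):
        hit = flags(code, detail)
        if hit:
            result.append((code, SECTIONS.get(code, "other"), detail, hit))
    return result


def section_counts(log):
    """Count entries per section code."""
    return Counter(code for code, _ in parse(log))


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for code, section, detail, hit in triage(SAMPLE_LOG):
        print(f"{code:<4}{section:<22}{', '.join(hit):<30}{detail[:60]}")
```
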

It took quite some doing; installing and running ComboFix in particular went wrong rather often. But in the end it ran all the way through. Here is the ComboFix log:

ComboFix 12-12-17.02 - Philippine 18-12-2012 21:44:16.1.2 - x86

Gestart vanuit: c:\users\Philippine\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\PHILIP~1\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

c:\users\Philippine\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

c:\users\Philippine\AppData\Local\TempDIR

c:\users\vermaatjes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

c:\windows\system32\muzapp.exe

c:\windows\system32\System32\MASetupCleaner.exe

c:\windows\system32\System32\muzapp.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))))

.

.

2012-12-18 15:47 . 2012-12-18 15:47 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C03EEA4-556B-4E2B-97B3-6DFE92EC9CDD}\offreg.dll

2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee Security Scan

2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee

2012-12-18 14:30 . 2012-12-18 15:08 -------- d-----w- c:\program files\McAfee Security Scan

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iPod

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iTunes

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-12-17 06:37 . 2012-12-17 06:38 -------- d-----w- c:\program files\QuickTime

2012-12-14 06:32 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C03EEA4-556B-4E2B-97B3-6DFE92EC9CDD}\mpengine.dll

2012-12-12 09:40 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-12-07 10:00 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-07 09:58 . 2012-12-07 09:58 -------- d-----w- c:\program files\Bonjour

2012-12-04 20:39 . 2012-12-04 20:39 -------- d-----w- c:\program files\Application Updater

2012-12-04 20:39 . 2012-12-04 20:39 -------- d-----w- c:\program files\pdfforge Toolbar

2012-12-04 20:39 . 2012-12-04 20:39 -------- d-----w- c:\program files\Common Files\Spigot

2012-11-22 08:24 . 2012-11-22 08:24 8795216 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

2012-11-20 21:58 . 2012-11-21 06:39 -------- d-----w- c:\program files\Mozilla Thunderbird

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:21 . 2012-04-10 05:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 16:21 . 2011-08-27 14:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-30 22:51 . 2012-03-14 09:32 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2012-03-14 09:32 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2012-03-14 09:32 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2012-03-14 09:32 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2012-03-14 09:32 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2012-01-31 19:34 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2012-03-14 09:31 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-16 07:39 . 2012-11-28 06:38 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 16:59 . 2012-03-14 09:32 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-10-09 17:40 . 2012-11-16 06:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 06:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-03 16:58 . 2012-11-16 06:33 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42 . 2012-11-16 06:33 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42 . 2012-11-16 06:33 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42 . 2012-11-16 06:33 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 06:33 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42 . 2012-11-16 06:33 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40 . 2012-11-16 06:33 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21 . 2012-11-16 06:33 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-29 18:54 . 2012-03-14 08:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 09:32 . 2012-09-28 09:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-09-28 09:32 . 2012-09-28 09:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-09-25 22:47 . 2012-11-16 06:33 78336 ----a-w- c:\windows\system32\synceng.dll

2012-09-24 14:38 . 2011-12-02 15:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]

"googletalk"="c:\users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-06-21 2274600]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-07-01 1138780]

"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-07-05 822944]

"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-07-05 691872]

"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-07-16 169528]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 37432]

"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]

"HP CoolSense"="c:\program files\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]

"Easybits Recovery"="c:\program files\EasyBits For Kids\ezRecover.exe" [2011-07-15 61112]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

.

c:\users\Philippine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352]

Google Chrome.lnk - c:\program files\Google\Chrome\Application\chrome.exe [2012-3-14 1242728]

Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2012-11-20 388576]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]

S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 17:06]

.

2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:21]

.

2012-12-18 c:\windows\Tasks\Allway Sync_{48127895C698996A45B959036C9811A2}.job

- c:\program files\Allway Sync\Bin\syncappw.exe [2011-12-09 12:00]

.

2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32]

.

2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32]

.

2012-12-16 c:\windows\Tasks\HPCeeScheduleForPhilippine.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.airsoftteam-specialforces.nl/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-11-14 17:52; wtxpcom@mybrowserbar.com; c:\program files\Common Files\Spigot\wtxpcom

FF - ExtSQL: 2012-11-14 17:52; pdfforge@mybrowserbar.com; c:\program files\pdfforge Toolbar\FF

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe

HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(1744)

c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\IDT\WDM\STacSV.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\WLANExt.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Allway Sync\Bin\SyncService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\CyberLink\YouCam\YCMMirage.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Voltooingstijd: 2012-12-18 22:09:56 - machine werd herstart

ComboFix-quarantined-files.txt 2012-12-18 21:09

.

Pre-Run: 220.107.788.288 bytes beschikbaar

Post-Run: 220.401.799.168 bytes beschikbaar

.

- - End Of File - - 67A7302B8EC40EA214FBC33B32C5F573

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:14:20, on 18-12-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Philippine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Special Forces

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"

O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"

O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [googletalk] C:\Users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - Startup: Dropbox.lnk = Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe

O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 11034 bytes


Start HijackThis. Select “Scan”. Select only the items listed below:

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as administrator by right-clicking and choosing “Run as administrator”. If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

Folder::

c:\program files\Application Updater

c:\program files\pdfforge Toolbar

c:\program files\Common Files\Spigot

Firefox::

FF - ProfilePath - c:\users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\

FF - prefs.js: keyword.URL -

FF - ExtSQL: 2012-11-14 17:52; wtxpcom@mybrowserbar.com; c:\program files\Common Files\Spigot\wtxpcom

FF - ExtSQL: 2012-11-14 17:52; pdfforge@mybrowserbar.com; c:\program files\pdfforge Toolbar\FF

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

If you want to see this in detail, click here for the guide.

After the restart, post the contents of Combofix.txt in your next message.

Edited by kape

OK, done. Here are the logs:

ComboFix 12-12-17.02 - Philippine 19-12-2012 10:13:40.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3579.1921 [GMT 1:00]

Gestart vanuit: c:\users\Philippine\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Philippine\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Application Updater

c:\program files\Application Updater\ApplicationUpdater.exe

c:\program files\Application Updater\config.ini

c:\program files\Common Files\Spigot

c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml

c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml

c:\program files\Common Files\Spigot\Search Settings\config.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini

c:\program files\Common Files\Spigot\Search Settings\searchcom_ff.xml

c:\program files\Common Files\Spigot\Search Settings\searchcom_ie.xml

c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

c:\program files\Common Files\Spigot\Search Settings\SearchSettings64.exe

c:\program files\Common Files\Spigot\Search Settings\wth156.dll

c:\program files\Common Files\Spigot\Search Settings\wthx156.dll

c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml

c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml

c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml

c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml

c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest

c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.js

c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.xul

c:\program files\Common Files\Spigot\wtxpcom\chrome\content\shared.jsm

c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest

c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt

c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt

c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.18

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.19

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9

c:\program files\Common Files\Spigot\wtxpcom\install.rdf

c:\program files\pdfforge Toolbar

c:\program files\pdfforge Toolbar\FF\chrome.manifest

c:\program files\pdfforge Toolbar\FF\chrome\chrome.jar

c:\program files\pdfforge Toolbar\FF\install.rdf

c:\program files\pdfforge Toolbar\IE\6.6\config.ini

c:\program files\pdfforge Toolbar\Res\amazon.gif

c:\program files\pdfforge Toolbar\Res\ebay.gif

c:\program files\pdfforge Toolbar\Res\facebook.gif

c:\program files\pdfforge Toolbar\Res\googleplus.gif

c:\program files\pdfforge Toolbar\Res\icon_settings.gif

c:\program files\pdfforge Toolbar\Res\Lang\res1031.ini

c:\program files\pdfforge Toolbar\Res\Lang\res1033.ini

c:\program files\pdfforge Toolbar\Res\Lang\res1034.ini

c:\program files\pdfforge Toolbar\Res\Lang\res1036.ini

c:\program files\pdfforge Toolbar\Res\Lang\res1040.ini

c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif

c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif

c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif

c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif

c:\program files\pdfforge Toolbar\Res\radio-close.gif

c:\program files\pdfforge Toolbar\Res\radio-minimize.gif

c:\program files\pdfforge Toolbar\Res\radiobeta.gif

c:\program files\pdfforge Toolbar\Res\search-button-hover.gif

c:\program files\pdfforge Toolbar\Res\search-button.gif

c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif

c:\program files\pdfforge Toolbar\Res\search-chevron.gif

c:\program files\pdfforge Toolbar\Res\search_amazon.gif

c:\program files\pdfforge Toolbar\Res\search_baidu.gif

c:\program files\pdfforge Toolbar\Res\search_ebay.gif

c:\program files\pdfforge Toolbar\Res\search_yahoo.gif

c:\program files\pdfforge Toolbar\Res\search_yandex.gif

c:\program files\pdfforge Toolbar\Res\twitter.gif

c:\program files\pdfforge Toolbar\Res\widgets.xml

c:\program files\pdfforge Toolbar\WidgiHelper.exe

c:\users\PHILIP~1\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

c:\users\Philippine\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-19 to 2012-12-19 ))))))))))))))))))))))))))))))

.

.

2012-12-19 09:29 . 2012-12-19 09:29 -------- d-----w- c:\users\vermaatjes\AppData\Local\temp

2012-12-19 09:29 . 2012-12-19 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-19 07:14 . 2012-12-19 07:14 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38EF86E6-D6DB-468E-AD44-82AE33302ABA}\offreg.dll

2012-12-19 06:36 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38EF86E6-D6DB-468E-AD44-82AE33302ABA}\mpengine.dll

2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee Security Scan

2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee

2012-12-18 14:30 . 2012-12-18 15:08 -------- d-----w- c:\program files\McAfee Security Scan

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iPod

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iTunes

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-12-17 06:37 . 2012-12-17 06:38 -------- d-----w- c:\program files\QuickTime

2012-12-12 09:40 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-12-07 10:00 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-07 09:58 . 2012-12-07 09:58 -------- d-----w- c:\program files\Bonjour

2012-11-22 08:24 . 2012-11-22 08:24 8795216 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

2012-11-20 21:58 . 2012-11-21 06:39 -------- d-----w- c:\program files\Mozilla Thunderbird

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:21 . 2012-04-10 05:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 16:21 . 2011-08-27 14:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-30 22:51 . 2012-03-14 09:32 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2012-03-14 09:32 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2012-03-14 09:32 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2012-03-14 09:32 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2012-03-14 09:32 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2012-01-31 19:34 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2012-03-14 09:31 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-16 07:39 . 2012-11-28 06:38 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 16:59 . 2012-03-14 09:32 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-10-09 17:40 . 2012-11-16 06:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 06:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-03 16:58 . 2012-11-16 06:33 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42 . 2012-11-16 06:33 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42 . 2012-11-16 06:33 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42 . 2012-11-16 06:33 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 06:33 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42 . 2012-11-16 06:33 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40 . 2012-11-16 06:33 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21 . 2012-11-16 06:33 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-29 18:54 . 2012-03-14 08:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 09:32 . 2012-09-28 09:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-09-28 09:32 . 2012-09-28 09:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-09-25 22:47 . 2012-11-16 06:33 78336 ----a-w- c:\windows\system32\synceng.dll

2012-09-24 14:38 .
2011-12-02 15:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]"googletalk"="c:\users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 
21432].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-06-21 2274600]"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-07-01 1138780]"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-07-05 822944]"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-07-05 691872]"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-07-16 169528]"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 37432]"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]"HP CoolSense"="c:\program files\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]"Easybits Recovery"="c:\program files\EasyBits For Kids\ezRecover.exe" [2011-07-15 61112]"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896].c:\users\Philippine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352]Google Chrome.lnk - c:\program 
files\Google\Chrome\Application\chrome.exe [2012-3-14 1242728]Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2012-11-20 388576].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"HideFastUserSwitching"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"EnableShellExecuteHooks"= 1 (0x1).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service".R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]R3 ss_bmdfl;SAMSUNG 
USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]S2 HP Support 
Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]..Inhoud van de 'Gedeelde Taken' map.2012-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 17:06].2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:21].2012-12-18 c:\windows\Tasks\Allway Sync_{48127895C698996A45B959036C9811A2}.job- c:\program files\Allway Sync\Bin\syncappw.exe [2011-12-09 12:00].2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32].2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32].2012-12-16 c:\windows\Tasks\HPCeeScheduleForPhilippine.job- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]..------- Bijkomende Scan -------.uStart Page = hxxp://www.airsoftteam-specialforces.nl/uInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.2.254FF - ProfilePath - c:\users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/FF - prefs.js: network.proxy.type - 0FF - ExtSQL: 2012-11-14 17:52; wtxpcom@mybrowserbar.com; c:\program files\Common Files\Spigot\wtxpcomFF - ExtSQL: 2012-11-14 17:52; pdfforge@mybrowserbar.com; c:\program files\pdfforge Toolbar\FF..--------------------- VERGRENDELDE REGISTER SLEUTELS 
---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).--------------------- DLLs Geladen Onder Lopende Processen ---------------------.- - - - - - - > 'Explorer.exe'(4064)c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.------------------------ Andere Aktieve Processen ------------------------.c:\program files\IDT\WDM\STacSV.exec:\windows\system32\atieclxx.exec:\program files\AVAST Software\Avast\AvastSvc.exec:\windows\system32\WLANExt.exec:\windows\system32\conhost.exec:\program files\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Allway Sync\Bin\SyncService.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\windows\servicing\TrustedInstaller.exec:\windows\System32\WUDFHost.exec:\windows\system32\taskhost.exec:\program files\Malwarebytes' Anti-Malware\mbamgui.exec:\windows\system32\conhost.exec:\windows\system32\sppsvc.exec:\program files\Windows Media Player\wmpnetwk.exec:\program files\CyberLink\YouCam\YCMMirage.exec:\windows\system32\DllHost.exe.**************************************************************************.Voltooingstijd: 2012-12-19 10:38:17 - machine werd herstartComboFix-quarantined-files.txt 2012-12-19 09:38ComboFix2.txt 2012-12-18 21:09.Pre-Run: 219.912.073.216 bytes beschikbaarPost-Run: 219.870.289.920 bytes 
beschikbaar.- - End Of File - - C06C8463094BD5891E61712B2450B1F8Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:43:11, on 19-12-2012Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16457)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\taskeng.exeC:\Program Files\CyberLink\YouCam\YCMMirage.exeC:\Windows\Explorer.exeC:\Windows\system32\notepad.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Users\Philippine\Desktop\HijackThis.exeC:\Windows\system32\SearchFilterHost.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.airsoftteam-specialforces.nl/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllO2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllO2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllO3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exeO4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeO4 - HKLM\..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exeO4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exeO4 - HKLM\..\Run: [HP CoolSense] C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeyO4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exeO4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeO4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguiO4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exeO4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple 
Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"O4 - HKCU\..\Run: [googletalk] C:\Users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostartO4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeO4 - Startup: Dropbox.lnk = Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exeO4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exeO4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exeO4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exeO9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - 
C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exeO23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exeO23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exeO23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exeO23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exeO23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exeO23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exeO23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exeO23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exeO23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exeO23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeO23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exeO23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exeO23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exeO23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeO23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exeO23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe--End of file - 10669 bytes


This is almost unworkable ... could you try arranging the ComboFix log more neatly in Notepad?

Go to Start - Run and type: notepad.exe

Click OK.

In Notepad, go to Format and untick "Word Wrap".

Close Notepad again.


It was indeed completely jumbled after I had uploaded the reply. Here it comes once more; it seems to look right now. If not, I'll try the Notepad method. Sorry!

ComboFix 12-12-17.02 - Philippine 19-12-2012 10:13:40.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3579.1921 [GMT 1:00]

Gestart vanuit: c:\users\Philippine\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Philippine\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Application Updater

c:\program files\Application Updater\ApplicationUpdater.exe

c:\program files\Application Updater\config.ini

c:\program files\Common Files\Spigot

c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml

c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml

c:\program files\Common Files\Spigot\Search Settings\config.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini

c:\program files\Common Files\Spigot\Search Settings\searchcom_ff.xml

c:\program files\Common Files\Spigot\Search Settings\searchcom_ie.xml

c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

c:\program files\Common Files\Spigot\Search Settings\SearchSettings64.exe

c:\program files\Common Files\Spigot\Search Settings\wth156.dll

c:\program files\Common Files\Spigot\Search Settings\wthx156.dll

c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml

c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml

c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml

c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml

c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest

c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.js

c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.xul

c:\program files\Common Files\Spigot\wtxpcom\chrome\content\shared.jsm

c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest

c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt

c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt

c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.18

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.19

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9

c:\program files\Common Files\Spigot\wtxpcom\install.rdf

c:\program files\pdfforge Toolbar

c:\program files\pdfforge Toolbar\FF\chrome.manifest

c:\program files\pdfforge Toolbar\FF\chrome\chrome.jar

c:\program files\pdfforge Toolbar\FF\install.rdf

c:\program files\pdfforge Toolbar\IE\6.6\config.ini

c:\program files\pdfforge Toolbar\Res\amazon.gif

c:\program files\pdfforge Toolbar\Res\ebay.gif

c:\program files\pdfforge Toolbar\Res\facebook.gif

c:\program files\pdfforge Toolbar\Res\googleplus.gif

c:\program files\pdfforge Toolbar\Res\icon_settings.gif

c:\program files\pdfforge Toolbar\Res\Lang\res1031.ini

c:\program files\pdfforge Toolbar\Res\Lang\res1033.ini

c:\program files\pdfforge Toolbar\Res\Lang\res1034.ini

c:\program files\pdfforge Toolbar\Res\Lang\res1036.ini

c:\program files\pdfforge Toolbar\Res\Lang\res1040.ini

c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif

c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif

c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif

c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif

c:\program files\pdfforge Toolbar\Res\radio-close.gif

c:\program files\pdfforge Toolbar\Res\radio-minimize.gif

c:\program files\pdfforge Toolbar\Res\radiobeta.gif

c:\program files\pdfforge Toolbar\Res\search-button-hover.gif

c:\program files\pdfforge Toolbar\Res\search-button.gif

c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif

c:\program files\pdfforge Toolbar\Res\search-chevron.gif

c:\program files\pdfforge Toolbar\Res\search_amazon.gif

c:\program files\pdfforge Toolbar\Res\search_baidu.gif

c:\program files\pdfforge Toolbar\Res\search_ebay.gif

c:\program files\pdfforge Toolbar\Res\search_yahoo.gif

c:\program files\pdfforge Toolbar\Res\search_yandex.gif

c:\program files\pdfforge Toolbar\Res\twitter.gif

c:\program files\pdfforge Toolbar\Res\widgets.xml

c:\program files\pdfforge Toolbar\WidgiHelper.exe

c:\users\PHILIP~1\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

c:\users\Philippine\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-19 to 2012-12-19 ))))))))))))))))))))))))))))))

.

.

2012-12-19 09:29 . 2012-12-19 09:29 -------- d-----w- c:\users\vermaatjes\AppData\Local\temp

2012-12-19 09:29 . 2012-12-19 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-19 07:14 . 2012-12-19 07:14 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38EF86E6-D6DB-468E-AD44-82AE33302ABA}\offreg.dll

2012-12-19 06:36 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38EF86E6-D6DB-468E-AD44-82AE33302ABA}\mpengine.dll

2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee Security Scan

2012-12-18 14:30 . 2012-12-18 14:30 -------- d-----w- c:\programdata\McAfee

2012-12-18 14:30 . 2012-12-18 15:08 -------- d-----w- c:\program files\McAfee Security Scan

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iPod

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-17 06:44 . 2012-12-17 06:44 -------- d-----w- c:\program files\iTunes

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-17 06:38 . 2012-12-17 06:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-12-17 06:37 . 2012-12-17 06:38 -------- d-----w- c:\program files\QuickTime

2012-12-12 09:40 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-12-07 10:00 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-07 09:58 . 2012-12-07 09:58 -------- d-----w- c:\program files\Bonjour

2012-11-22 08:24 . 2012-11-22 08:24 8795216 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

2012-11-20 21:58 . 2012-11-21 06:39 -------- d-----w- c:\program files\Mozilla Thunderbird

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:21 . 2012-04-10 05:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 16:21 . 2011-08-27 14:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-30 22:51 . 2012-03-14 09:32 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2012-03-14 09:32 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2012-03-14 09:32 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2012-03-14 09:32 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2012-03-14 09:32 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2012-01-31 19:34 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2012-03-14 09:31 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-16 07:39 . 2012-11-28 06:38 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 16:59 . 2012-03-14 09:32 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-10-09 17:40 . 2012-11-16 06:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 06:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-03 16:58 . 2012-11-16 06:33 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42 . 2012-11-16 06:33 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42 . 2012-11-16 06:33 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42 . 2012-11-16 06:33 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 06:33 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42 . 2012-11-16 06:33 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40 . 2012-11-16 06:33 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21 . 2012-11-16 06:33 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-29 18:54 . 2012-03-14 08:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 09:32 . 2012-09-28 09:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-09-28 09:32 . 2012-09-28 09:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-09-25 22:47 . 2012-11-16 06:33 78336 ----a-w- c:\windows\system32\synceng.dll

2012-09-24 14:38 . 2011-12-02 15:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-10-18 21:52 94208 ----a-w- c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]

"googletalk"="c:\users\Philippine\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-06-21 2274600]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-07-01 1138780]

"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-07-05 822944]

"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-07-05 691872]

"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-07-16 169528]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 37432]

"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]

"HP CoolSense"="c:\program files\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]

"Easybits Recovery"="c:\program files\EasyBits For Kids\ezRecover.exe" [2011-07-15 61112]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

.

c:\users\Philippine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Philippine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352]

Google Chrome.lnk - c:\program files\Google\Chrome\Application\chrome.exe [2012-3-14 1242728]

Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2012-11-20 388576]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]

S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 17:06]

.

2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:21]

.

2012-12-18 c:\windows\Tasks\Allway Sync_{48127895C698996A45B959036C9811A2}.job

- c:\program files\Allway Sync\Bin\syncappw.exe [2011-12-09 12:00]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-14 09:32]

.

2012-12-16 c:\windows\Tasks\HPCeeScheduleForPhilippine.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.airsoftteam-specialforces.nl/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\users\Philippine\AppData\Roaming\Mozilla\Firefox\Profiles\bg5vi984.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-11-14 17:52; wtxpcom@mybrowserbar.com; c:\program files\Common Files\Spigot\wtxpcom

FF - ExtSQL: 2012-11-14 17:52; pdfforge@mybrowserbar.com; c:\program files\pdfforge Toolbar\FF

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(4064)

c:\users\Philippine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\IDT\WDM\STacSV.exe

c:\windows\system32\atieclxx.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Allway Sync\Bin\SyncService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\CyberLink\YouCam\YCMMirage.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Voltooingstijd: 2012-12-19 10:38:17 - machine werd herstart

ComboFix-quarantined-files.txt 2012-12-19 09:38

ComboFix2.txt 2012-12-18 21:09

.

Pre-Run: 219.912.073.216 bytes beschikbaar

Post-Run: 219.870.289.920 bytes beschikbaar

.

- - End Of File - - C06C8463094BD5891E61712B2450B1F8


The fix did not go entirely as planned :sad

Download AdwCleaner by Xplode to your desktop.


  • Close all open windows.
  • Vista and Windows 7 users: right-click AdwCleaner and select Run as administrator...
  • For XP: simply double-click AdwCleaner.
  • Then click Delete.
  • At AdwCleaner – Information, click OK
  • At AdwCleaner – Restart Required, click OK

It is normal for the shortcuts to disappear during this action. After the PC has restarted, a log file opens. Post the contents of this log in your next message, together with a new HijackThis log.
