
Hijack log



Who can help me? My PC keeps freezing after a while, and I have already used various utilities, but there is no error message anywhere. I also don't know yet whether software or hardware is causing the problem.

Perhaps someone can work out the cause from the log file.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:40:29, on 27-7-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16490)

Boot mode: Normal

Running processes:

C:\Users\Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iStage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: Dropbox.lnk = Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: MailWasherPro.lnk = C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - Automatically Find HP Updates | HP Support

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Realtek11nSU - Realtek - C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: RtlService - Realtek - C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8529 bytes


Try this.

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs; they may conflict with zoek.exe
    (here or here) you can read how to disable the security software you use.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    emptyclsid;
    firefoxlook; 
    Chromelook; 
    autoclean; 
    iedefaults; 
    


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log as an attachment in your next message.


Zoek.exe Version 4.0.0.4 Updated 26-07-2013

Tool run by Andries on za 27-07-2013 at 16:43:40,57.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Andries\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

27-7-2013 16:44:44 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\Users\Public\sdelevURL.tmp" deleted

"C:\Users\Andries\AppData\Roaming\Aras\yqbi.laa" deleted

"C:\Users\Andries\AppData\Roaming\Aras\yqbi.tmp" deleted

"C:\Users\Andries\AppData\Roaming\Yfsi\agha.tmp" deleted

"C:\Users\Andries\AppData\Roaming\Yfsi\agha.yne" deleted

"C:\Users\Andries\AppData\Roaming\Aras" deleted

"C:\Users\Andries\AppData\Roaming\Yfsi" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[12-07-2013 14:38]

Skype for Chromium - Andries - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="iStage"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="iStage"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{2880A8EC-F9E6-4203-87B9-57C58621F174}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{2880A8EC-F9E6-4203-87B9-57C58621F174} Google Url="{searchTerms - Google zoeken}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Andries\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Andries\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found


Download ComboFix from one of the locations below to the desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs; they may conflict with ComboFix.exe

(here or here) you can read how to disable the security software you use.

  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Ja / Yes there.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Ja" (Yes) once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are now unpacked and a registry backup is made using ERUNT.
  • When this is done, ComboFix will start by itself; in the blue screen you can see the progress of the system scan being performed.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


ComboFix 13-07-27.01 - Andries 27-07-2013 20:09:41.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.7693.5754 [GMT 2:00]

Gestart vanuit: D:\Download\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Andries\AppData\Local\Temp\{53C72472-E2C5-4AA8-BE14-B2BDA7EA8CD5}\fpb.tmp

C:\Users\Andries\AppData\Roaming\moka

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBook.sqlitedb

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBookImages.sqlitedb

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Calendar.sqlitedb

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\call_history.db

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Info.plist

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\notes.db

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\sms.db

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\158x158.ithmb

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBook.sqlitedb

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBookImages.sqlitedb

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748-preview-left.jpg

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748.jpg

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666-preview-left.jpg

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666.jpg

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Calendar.sqlitedb

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\call_history.db

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Info.plist

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Manifest.mbdb

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\notes.db

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Photos.sqlite

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\PhotosAux.sqlite

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\sms.db

C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Thumbs.THM

C:\Users\Andries\AppData\Roaming\Secure-Soft Stealer

C:\Users\Andries\AppData\Roaming\Secure-Soft Stealer\Update.exe

(((((((((((((((((((( Bestanden Gemaakt van 2013-06-27 to 2013-07-27 ))))))))))))))))))))))))))))))

2013-07-27 18:12:07 . 2013-07-27 18:12:07 -------- d-----w- C:\Users\Default\AppData\Local\temp

2013-07-27 14:51:31 . 2013-07-02 08:34:27 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-27 14:46:27 . 2013-07-27 18:12:07 -------- d-----w- C:\Users\Andries\AppData\Local\Temp

2013-07-27 14:46:27 . 2013-07-27 14:43:39 24064 ----a-w- C:\Windows\zoek-delete.exe

2013-07-27 12:35:19 . 2013-07-27 12:35:20 388096 ----a-r- C:\Users\Andries\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-07-27 12:35:19 . 2013-07-27 12:35:19 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-07-26 18:48:53 . 2013-07-26 18:48:20 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{410F4D8B-27BC-468F-BC57-76794736708E}\gapaengine.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-07-27 16:00:23 . 2011-11-17 14:44:45 78185248 ----a-w- C:\Windows\system32\MRT.exe

2013-06-21 17:50:04 . 2012-02-10 08:47:58 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-05-29 07:46:52 . 2013-05-29 07:46:52 204932 ----a-r- C:\Windows\SysWow64\MSPOS_USB.dll

2013-05-13 05:51:01 . 2013-06-21 21:31:05 184320 ----a-w- C:\Windows\system32\cryptsvc.dll

2013-05-13 05:51:00 . 2013-06-21 21:31:05 1464320 ----a-w- C:\Windows\system32\crypt32.dll

2013-05-13 05:51:00 . 2013-06-21 21:31:05 139776 ----a-w- C:\Windows\system32\cryptnet.dll

2013-05-13 05:50:40 . 2013-06-21 21:31:05 52224 ----a-w- C:\Windows\system32\certenc.dll

2013-05-13 04:45:55 . 2013-06-21 21:31:05 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 . 2013-06-21 21:31:05 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 . 2013-06-21 21:31:05 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 . 2013-06-21 21:31:05 1192448 ----a-w- C:\Windows\system32\certutil.exe

2013-05-13 03:08:10 . 2013-06-21 21:31:05 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 . 2013-06-21 21:31:05 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 . 2013-06-21 21:31:12 30720 ----a-w- C:\Windows\system32\cryptdlg.dll

2013-05-10 03:20:54 . 2013-06-21 21:31:12 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 . 2013-06-21 21:31:11 1910632 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2013-05-02 15:29:56 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36:40 130736 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36:40 130736 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36:40 130736 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 09:10:12 284440]

C:\Users\Andries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - C:\Users\Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

MailWasherPro.lnk - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2011-10-5 5385552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

R1 mcnialzh;mcnialzh;C:\Windows\system32\drivers\mcnialzh.sys;C:\Windows\SYSNATIVE\drivers\mcnialzh.sys [x]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]

R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys;C:\Windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys;C:\Windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys;C:\Windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe;C:\Program Files\Microsoft Security Client\NisSrv.exe [x]

R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys;C:\Windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe;C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe [x]

S2 RtlService;RtlService;C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe;C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

S2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys;C:\Windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys;C:\Windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys;C:\Windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

Inhoud van de 'Gedeelde Taken' map

2013-07-27 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 07:32:25 . 2012-04-19 07:32:25]

2013-07-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153816164-651254337-1067588528-1000Core.job

- C:\Users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 15:01:51 . 2011-11-30 15:01:50]

2013-07-27 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153816164-651254337-1067588528-1000UA.job

- C:\Users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 15:01:51 . 2011-11-30 15:01:50]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36:40 164016 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36:40 164016 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36:40 164016 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36:40 164016 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2013-01-27 10:34:16 1281512]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-12-14 01:42:14 172144]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-12-14 01:42:10 399984]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-12-14 01:42:14 441968]

------- Bijkomende Scan -------

uLocal Page = C:\Windows\system32\blank.htm

uStart Page = hxxp://istage.nl/

mLocal Page = C:\Windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
