Tisnetwerruk

Member
  • Items: 21

Tisnetwerruk's achievements

  1. Thank you, as good as solved. Every now and then some oddities still, but the main problem is gone. Regards, TNW
  2. Hello kweezie Wabbit, I tried to run both. The first produced many error messages: Fail 5, not present, etc. I can't figure out the second. My Windows version does not correspond to your instructions. Windows 7 Professional. I went to Internet Options - Advanced and unchecked "Enable third-party browser extensions" there. Also, under General - Search - Settings - Manage add-ons, Babylon is listed as default. I have now moved it down in priority to 5 and disabled Babylon. And under Search I unchecked the address bar. Deleting it there doesn't work. I'm curious whether this is right. Tisnetwerruk.
  3. Even now, after this ComboFix run (see log above), the following still happens. It reroutes my command www.aegeanair.com, typed into the internet bar at the top, to https://search.babylon.com/?aegeanair bla bla bla. And I get the Babylon icon at the front of my search bar. Only when I type something in the Google search box each time, i.e. in the middle of the screen, and not directly in the top bar, does Babylon stay asleep.... What does this mean... for our actions so far?? TNW
  4. Here is the ComboFix log. I'm curious. TNW.
  5. Here is the HijackThis log.
  6. Hi, I don't know what I did wrong. Maybe it was the last ComboFix run, a wrong restore point, but every now and then it still picks up a Babylon search request when I type something directly into the search bar. Do I have to delete ComboFix after all? Babylon is not gone! Help.... darn it. TNW
  7. Hi, I deleted the indicated folders. I did not understand your instruction for removing ComboFix properly. I thought I first had to start ComboFix (as administrator, with all virus scanners turned off again). I did that and then wanted to paste your text, but of course it was already running. I let it run to completion. Here is the log file, just to be sure, in case I have now done something wrong by creating a new system restore point. The offending files are all gone, though, so that part has held. Should I use the Windows icon at the bottom left of my taskbar to open a window where it can search for folders and files (with the magnifying-glass icon) and then type in the ComboFix uninstall text, as indicated? (It is indeed not listed under uninstall programs within the Windows environment, so that won't work that way.) I'd like to hear from you! TNW.
2012-01-03 21:15:12 20559288 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.dll -- Snapshot teruggezet naar huidige datum -- ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 22:25:22 284696] "ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 13:40:22 316784] "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 17:22:44 538472] "MarketingTools"="C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 10:41:29 26624] "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696] "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2012-03-21 19:18:44 1675160] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 09:07:56 843712] "Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 13:56:38 462408] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification 
Packages REG_MULTI_SZ scecli C:\Program Files\Protector Suite\psqlpwd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 0087241338716831mcinstcleanup;McAfee Application Installer Cleanup (0087241338716831);C:\Windows\TEMP\008724~1.EXE [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576] R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:24 135664] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 04:49:14 362992] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 18:54:25 257696] R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:24 135664] R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 04:49:04 313840] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 22:25:24 13336] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 13:56:40 654408] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 10:56:24 210584] S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [x] S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 11:24:38 330488] S2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 04:36:18 259192] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 20:52:04 2320920] S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 06:46:06 845312] S2 WTGService;WTGService;C:\Program Files (x86)\OneClickInternet\WTGService.exe [2010-03-15 
16:53:18 316880] S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [x] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys [x] S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);C:\Windows\system32\DRIVERS\qcfilterSny2k.sys [x] S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys [x] S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);C:\Windows\system32\DRIVERS\qcusbserSny2k.sys [x] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 15:10:10 574320] S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-02-14 12:23:50 44736] S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 08:55:10 1256040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x] --- Andere Services/Drivers In Geheugen --- *Deregistered* - mfeavfk01 Inhoud van de 'Gedeelde Taken' map 2012-06-03 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
[2012-04-04 07:01:05 . 2012-05-06 18:54:25] 2012-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:25 . 2009-12-01 10:31:24] 2012-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:25 . 2009-12-01 10:31:24] --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-03-08 20:05:40 166424] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-03-08 20:04:28 391192] "Persistence"="C:\Windows\system32\igfxpers.exe" [2010-03-08 20:05:23 410648] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2010-02-22 19:51:00 16397416] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 09:43:18 9650720] "SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PSQLLauncher"="C:\Program Files\Protector Suite\launcher.exe" [2009-10-29 16:28:50 84744] ------- Bijkomende Scan ------- uLocal Page = C:\Windows\system32\blank.htm uStart Page = https://www.google.nl/ mLocal Page = C:\Windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.156.0.1
  8. Hi again, here is the follow-up. The error message about the directory c:\program no longer appears when I start up, so that seems to have worked. However, c:\programdata-babylon and c:\programdata\TarmaInstaller still exist, as reported earlier. The first directory is empty; the second still has a folder with a series of letters as its name, containing a number of setup files and an application (see my earlier mail). Do we still need to do something about that? Here is the ComboFix log:
  9. Hi, I'm working on it. First ComboFix reported that it still saw virus scanners active. I tried to disable them in safe mode. That didn't work. I switched the computer off with the power button, then booted in normal mode and turned the virus scanners off. I booted into safe mode again and tried to start ComboFix by dragging the file onto ComboFix again. ComboFix now said I could stop (no) or continue with a reduced-functionality version. I chose yes for the latter. Then it showed some commands in a DOS window with green letters, and then nothing happened and the ComboFix icon had disappeared from my desktop. No processes or applications running in the background, so that is strange, and no output file. I rebooted in normal mode and downloaded ComboFix again via the link. I will now try it once more in safe mode... to be continued. You'll hear from me...
  10. Hi, by safe mode you mean with the virus scanners etc. switched off, right... not safe mode from DOS or something. I no longer know how to do the latter under Windows 7 Professional. Hold down F8 during the startup procedure or something. I'd like to hear. TNW
  11. Hi, No, apparently we are not done yet. I rebooted after the last log I sent and have done nothing else since. The directory C:\program still exists. It appears to be empty. At startup the computer still gives the error message that I must rename it, because deleting it would keep other programs from starting. I tried to give myself full control options as a non-administrator, but it won't accept that. So renaming doesn't work either; it says it is in use during this action. Deleting therefore won't work either, I think, but I haven't tried yet. Besides c program files and c: programfilesx86 there is also a C:\ ProgramData directory. In ProgramData there is a directory named C:\ProgramData\Babylon. However, it too is apparently empty. Created: 0.39 h on 20.05.2012. And from the same time as the fatal download moment on 20-05-12 at 0:50 is C:\programData\TarmaInstaller. In it there is a file folder named: C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}. In it I find: a file folder Cache and also 5 files: setup.dll and setupx.dll, setup icon, setup application and a setup.dat file. The cache folder and the dat file are again from the time in question. The rest is from earlier (Feb 2012, the making of the virus or something?). What do I do next. Thanks in advance, TNW. P.S. The shortcut of the PDF creator that was still to be installed further has indeed been deleted from my desktop (done manually).
  12. Here is the log from the Emsisoft Emergency Kit software. I am now going to restart the computer. Kind regards, TNW
      Emsisoft Emergency Kit - Versie 1.0
      Laatste Update: 23/05/2012 11:07:35
      Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan
      Scan gestart: 23/05/2012 11:09:28
      C:\Qoobox\Quarantine\C\Program Files (x86)\PDFCreator\message.exe.vir Ontdekt: Riskware.Win32.InstallCore.AMN!A2
      Gescand Bestanden: 291283 Sporen: 408843 Cookies: 142 Processen: 91
      Gevonden Bestanden: 1 Sporen: 0 Cookies: 0 Processen: 0 Registersleutels: 0
      Scan Geëindigd: 23/05/2012 13:15:41
      Scantijd: 2:06:13
      C:\Qoobox\Quarantine\C\Program Files (x86)\PDFCreator\message.exe.vir Verwijderd Riskware.Win32.InstallCore.AMN!A2
      Verwijderd Bestanden: 1 Sporen: 0 Cookies: 0
  13. Good morning. Ran ComboFix again. This is the result. I'd like to hear back again... TNW. Oh, and C:program, just like the shortcut to the PDFconverter on the desktop, still exist.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-05-22 09:41:39 ComboFix-quarantined-files.txt 2012-05-22 07:41 ComboFix2.txt 2012-05-21 22:34 ComboFix3.txt 2012-05-21 14:14 . Pre-Run: 375.732.129.792 bytes free Post-Run: 375.547.117.568 bytes free . - - End Of File - - 5166C49A0B25E2818F4FA369A6EFA277
  14. Hey, something is going wrong with sending my messages to you! In my previous reply I had pasted my ComboFix log after the action above. I don't see it in the discussion now. The result after ComboFix was that I had a white bar at the top of my mail. I restarted my computer because my VAIO bar was gone as well. By now it is back as normal and the white bar is gone from the top of every screen, including your help forum screen. I had not saved the ComboFix log, so I can't paste it; it doesn't keep that Notepad log anywhere, does it, so I will have to run it again. Do I have to do that once more? During ComboFix it said it was going to delete all kinds of data, I remember, including the c: program. But that is still there!!! So should I just do the previous action again? That is, drag CFScript.txt into ComboFix, after disabling McAfee and Malwarebytes. Regards, TNW ---------- Post added at 01:20 ---------- Previous post was at 01:13 ---------- Sorry for the confusion, but now it has processed my earlier message after all. Where it had been in the meantime I don't know. So at least you now have my ComboFix log from after dragging in the CFScript file. Which is also gone from my desktop. I'm curious about your reaction. I'm still stuck with that PDFconverter shortcut on my desktop, which I don't dare to start because I think Babylon will then be activated and installed again. The shortcut points to: C:\Users\BvdGroen\AppData\Local\Temp\ICReinstall_ICReinstall_ICReinstall_PDFConverterSetup.exe /RR If you click on it, it says it is not valid. Can I then just delete the shortcut? Kind regards, TNW