Tisnetwerruk

Dank je wel, zo goed als opgelost. Af en toe nog wat gekkigheden, maar het hoofdprobleem is weg. Groetjes TNW

Hoi HOi, Heb je nog advies, of is het zo klaar?. Ben benieuwd alvast bedankt. TNW

Hallo kweezie Wabbit, Beide geprobeerd uit te voeren. Op de eerste kwamen veel foutmeldingen : Fail 5, niet aanwezig etc. Bij de tweede kom ik er niet uit. Mijn windowsversie correspondeert niet met jouw instructie. Windows 7 professional. Ik ben bij Internet Options - Advanced geweest en heb daar : Enable third partie browser extensies uitgevinkt. Verder heb ik bij GEneral - Search - onder Settings - bij manage addons - staat babylon als default. Ik heb hem nu in prioriteit gemoved naar 5, en Babylon disabled. En bij search de adress bar uitgevinkt. Deleten daar lukt niet. Ben benieuwd of dit goed is. Tisnetwerruk.

Ook nu nog na deze combofix, zie log hierboven gebeurt het volgende. Hij reroute mijn commando www.aegeanair.com getypt in de internet balk bovenin naar https://search.babylon.com/?aegeanair bla bla bla. En krijg ik het babylon icoontje vooraan in mijn search balk. Alleen als ik telkens in de google zoekbalk, dus midden in het scherm iets intype en niet direct in de bovenste balk, blijft babylon slapen.... Wat betekent dit... voor onze acties tot nu toe?? TNW

Hierbij de combofix log. Ben benieuwd. TNW. ComboFix 12-06-05.04 - BvdGroen 06-06-2012 11:45:39.6.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2414 [GMT 2:00] Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))) . . 2012-06-06 09:55 . 2012-06-06 09:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-01 09:12 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80AF5A79-AA87-44E2-BAB6-729214F3C03C}\mpengine.dll 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\programdata\Malwarebytes 2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro 2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner 2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt 2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe . . ((((((((((((((((((((((((((((( SnapShot_2012-06-03_12.02.15 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-14 22:21 . 2012-06-06 08:02 55894 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-06 08:02 37384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-10-29 09:30 . 2012-06-06 08:02 13036 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin + 2009-12-01 10:22 . 2012-06-06 09:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-01 10:22 . 2012-06-03 09:47 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-01 10:22 . 2012-06-03 09:47 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-12-01 10:22 . 2012-06-06 09:25 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-06 09:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-03 09:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-11-07 13:18 . 2012-05-21 22:51 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-11-07 13:18 . 2012-06-03 12:33 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2010-05-14 22:15 . 2012-06-02 13:48 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2010-05-14 22:15 . 2012-06-05 21:52 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat - 2012-06-03 09:18 . 2012-06-03 09:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-06 07:56 . 2012-06-06 07:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-06 07:56 . 2012-06-06 07:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-03 09:18 . 2012-06-03 09:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-29 14:44 . 2012-06-05 19:48 303576 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36 . 2012-06-06 08:02 616242 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-03 09:22 616242 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-03 09:22 106622 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-06-06 08:02 106622 c:\windows\system32\perfc009.dat - 2009-07-14 04:46 . 2012-05-19 09:58 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 04:46 . 2012-06-06 08:00 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-06-05 07:24 . 2012-06-05 07:24 237288 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\reliability\Sqm\Manifest\Sqm26.bin + 2009-07-14 05:01 . 2012-06-05 21:52 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-06-02 13:48 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:45 . 2012-06-05 14:35 7350914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-05-13 12:52 7350914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-12-01 10:52 . 2012-06-05 21:52 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-12-01 10:52 . 2012-06-02 13:48 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-10-29 09:25 . 2012-06-05 21:52 7329932 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat - 2009-07-14 02:34 . 2012-05-13 12:45 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2012-06-05 07:34 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472] "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 0087241338716831mcinstcleanup;McAfee Application Installer Cleanup (0087241338716831);c:\windows\TEMP\008724~1.EXE [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x] S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x] S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54] . 2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . 2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.254 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-06-06 12:16:11 ComboFix-quarantined-files.txt 2012-06-06 10:16 ComboFix2.txt 2012-06-02 13:26 ComboFix3.txt 2012-05-22 07:41 ComboFix4.txt 2012-05-21 22:34 ComboFix5.txt 2012-06-03 11:17 . Pre-Run: 374.112.165.888 bytes free Post-Run: 374.341.562.368 bytes free . - - End Of File - - 3635B324090D72F23C9D3A3DC06CCB17

Hierbij het hijacklog, Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:54:37, on 5-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120430232735.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O23 - Service: McAfee Application Installer Cleanup (0087241338716831) (0087241338716831mcinstcleanup) - Unknown owner - C:\Windows\TEMP\008724~1.EXE (file missing) O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Qualcomm Gobi 2000 Download Service (Sony) (QDLService2kSony) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTGService - Unknown owner - C:\Program Files (x86)\OneClickInternet\WTGService.exe -- End of file - 12889 bytes

Hoi ik weet niet wat ik fout gedaan heb. Misschien met de laatste combofix run, verkeerd herstelpunt, maar af en toe pakt hij toch weer een babylon search opdracht, als ik rechtstreeks iets intyp in de zoekbalk. Moet ik toch combofix deleten? Babylon is niet weg! Hellup.... verdorrie. TNW

Hoi de aangegeven mappen gedeleted. Ik begreep je instructie voor combofix verwijderen niet goed. Ik dacht dat ik combofix eerst moest opstarten (als administator met alle virusscanners weer uit). Dat gedaan en wilde toen je tekst plakken, maar hij was uiteraard aan het runnen. Ik heb hem netjes laten lopen Hierbij voor de zekerheid het logfile, voor het geval ik nu iets fouts gedaan heb, met het maken van een nieuw systeemherstel punt. De gewraakte files zijn wel allemaal weg, dus dat is goed gebleven. Moet ik via het Windows icoon , links onder in mijn toolbalk een venster openen, waar hij naar mappen en bestanden kan zoeken (met het loepje icoon) en dan het combofix uninstall tekst intypen, zoals aangegeven. (Hij staat inderdaad niet bij uninstall programs binnen windows omgevings -dus zo gaat dat niet)?? ik hoor het graag! TNW. ComboFix 12-06-02.02 - BvdGroen 03-06-2012 13:19:27.5.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2549 [GMT 2:00] Gestart vanuit: C:\Users\BvdGroen\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt (((((((((((((((((((( Bestanden Gemaakt van 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))) 2012-06-03 12:01:33 . 2012-06-03 12:01:33 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-05-20 13:28:56 . 2012-05-20 13:28:56 -------- d-----w- C:\Users\BvdGroen\AppData\Roaming\Malwarebytes 2012-05-20 13:28:44 . 2012-05-20 13:28:44 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-20 13:28:43 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys 2012-05-20 13:28:42 . 2012-05-20 13:28:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-05-20 13:07:00 . 2012-05-20 13:07:00 388096 ----a-r- C:\Users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-20 13:06:58 . 2012-05-20 13:06:58 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-05-20 12:41:39 . 2012-05-20 12:56:41 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-05-20 11:44:40 . 2012-05-20 11:44:46 -------- d-----w- C:\Program Files\CCleaner 2012-05-19 22:35:08 . 2012-05-19 22:35:08 -------- d-----w- C:\Windows\system32\appmgmt 2012-05-11 07:26:24 . 2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\system32\DWrite.dll 2012-05-11 07:26:23 . 2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-11 07:26:20 . 2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe 2012-05-11 07:26:19 . 2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\system32\win32k.sys 2012-05-11 07:26:18 . 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-11 07:26:17 . 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-11 07:25:42 . 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\system32\drivers\partmgr.sys 2012-05-11 07:25:26 . 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2012-05-11 07:25:22 . 2012-03-31 05:42:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-11 07:25:22 . 2012-03-31 05:40:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25:21 . 2012-03-31 05:40:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-11 07:25:21 . 2012-03-31 04:29:48 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25:20 . 2012-03-31 05:40:32 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-05-06 18:54:23 . 2012-04-04 07:01:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-06 18:54:23 . 2011-11-07 13:09:35 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 18:54:13 . 2012-04-15 20:54:16 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-03-20 11:11:30 . 2012-01-03 19:10:37 162192 ----a-w- C:\Windows\system32\mfevtps.exe ((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 ))))))))))))))))))))))))))))))))))))))))) + 2010-05-14 22:21:04 . 2012-06-03 09:20:55 55862 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10:35 . 2012-06-03 09:20:54 37360 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-10-29 09:30:05 . 2012-06-03 09:20:54 12784 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin + 2009-12-01 10:22:08 . 2012-06-03 09:47:12 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-01 10:22:08 . 2012-05-21 13:03:57 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-01 10:22:07 . 2012-06-03 09:47:12 49152 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-12-01 10:22:07 . 2012-05-21 13:03:57 49152 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54:19 . 2012-06-03 09:47:12 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54:19 . 2012-05-21 13:03:57 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-01-03 08:45:08 . 2012-01-03 08:45:08 16832 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\ViewerPS.dll + 2012-01-03 21:51:18 . 2012-01-03 21:51:18 37296 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\reader_sl.exe + 2012-01-03 08:44:22 . 2012-01-03 08:44:22 79280 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\PDFPrevHndlr.dll + 2012-01-03 21:15:18 . 2012-01-03 21:15:18 99776 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\eula.exe + 2012-01-03 20:52:40 . 2012-01-03 20:52:40 27048 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrotextextractor.exe + 2012-01-03 07:19:16 . 2012-01-03 07:19:16 16824 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32Info.exe + 2012-01-03 07:16:32 . 2012-01-03 07:16:32 75200 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acroiehelpershim.dll + 2012-01-03 07:16:38 . 2012-01-03 07:16:38 61888 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroIEHelper.dll - 2011-11-07 13:18:25 . 2012-05-19 22:57:54 5856 C:\Windows\system32\wdi\ERCQueuedResolutions.dat + 2011-11-07 13:18:25 . 2012-05-21 22:51:04 5856 C:\Windows\system32\wdi\ERCQueuedResolutions.dat + 2012-06-01 09:08:48 . 2012-06-01 09:08:48 9560 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_48.bin + 2012-06-01 09:08:48 . 2012-06-01 09:08:48 4280 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_32.bin + 2012-06-01 09:08:48 . 2012-06-01 09:08:48 2456 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_24.bin + 2010-05-14 22:15:07 . 2012-06-02 13:48:40 1902 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat - 2010-05-14 22:15:07 . 2012-05-20 21:55:01 1902 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat - 2012-05-21 06:06:31 . 2012-05-21 06:06:31 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-03 09:18:48 . 2012-06-03 09:18:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-03 09:18:48 . 2012-06-03 09:18:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-21 06:06:31 . 2012-05-21 06:06:31 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-29 14:44:46 . 2012-06-03 10:47:37 303528 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36:59 . 2012-06-03 09:22:51 616242 C:\Windows\system32\perfh009.dat - 2009-07-14 02:36:59 . 2012-05-21 08:37:58 616242 C:\Windows\system32\perfh009.dat + 2009-07-14 02:36:59 . 2012-06-03 09:22:51 106622 C:\Windows\system32\perfc009.dat - 2009-07-14 02:36:59 . 2012-05-21 08:37:58 106622 C:\Windows\system32\perfc009.dat - 2009-07-14 05:01:48 . 2012-05-20 21:55:00 389832 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01:48 . 2012-06-02 13:48:40 389832 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-06-01 09:14:28 . 2012-06-01 09:14:28 371272 C:\Windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe - 2009-12-01 10:36:32 . 2009-12-01 10:36:32 371272 C:\Windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe + 2012-01-03 07:23:56 . 2012-01-03 07:23:56 378264 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\pdfshell.dll + 2012-01-03 07:22:02 . 2012-01-03 07:22:02 103864 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\nppdf32.dll + 2012-01-03 08:43:50 . 2012-01-03 08:43:50 550360 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AdobeCollabSync.exe + 2012-01-03 07:40:46 . 2012-01-03 07:40:46 120240 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRdIF.dll + 2012-01-03 21:50:30 . 2012-01-03 21:50:30 357808 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.exe + 2012-01-03 07:16:48 . 2012-01-03 07:16:48 665008 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroPDF.dll + 2012-01-03 08:38:04 . 2012-01-03 08:38:04 280024 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrobroker.exe + 2012-01-03 08:08:10 . 2012-01-03 08:08:10 251296 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\a3dutility.exe + 2009-12-01 10:52:02 . 2012-06-02 13:48:40 1329752 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-12-01 10:52:02 . 2012-05-20 21:55:17 1329752 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-10-29 09:25:13 . 2012-06-02 13:48:40 5781092 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat + 2012-03-27 15:47:55 . 2012-03-27 15:47:55 4959232 C:\Windows\Installer\2499f.msp + 2012-01-03 07:18:24 . 2012-01-03 07:18:24 2405784 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\rt3d.dll + 2011-11-17 15:50:50 . 2011-11-17 15:50:50 6543872 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\authplay.dll + 2011-11-02 12:20:16 . 2012-05-21 22:51:05 26122028 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-4096.dat + 2012-01-03 21:15:12 . 2012-01-03 21:15:12 20559288 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.dll -- Snapshot teruggezet naar huidige datum -- ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 22:25:22 284696] "ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 13:40:22 316784] "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 17:22:44 538472] "MarketingTools"="C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 10:41:29 26624] "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696] "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2012-03-21 19:18:44 1675160] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 09:07:56 843712] "Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 13:56:38 462408] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli C:\Program Files\Protector Suite\psqlpwd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 0087241338716831mcinstcleanup;McAfee Application Installer Cleanup (0087241338716831);C:\Windows\TEMP\008724~1.EXE [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576] R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:24 135664] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 04:49:14 362992] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 18:54:25 257696] R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:24 135664] R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 04:49:04 313840] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 22:25:24 13336] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 13:56:40 654408] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 10:56:24 210584] S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [x] S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 11:24:38 330488] S2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 04:36:18 259192] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 20:52:04 2320920] S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 06:46:06 845312] S2 WTGService;WTGService;C:\Program Files (x86)\OneClickInternet\WTGService.exe [2010-03-15 16:53:18 316880] S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [x] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys [x] S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);C:\Windows\system32\DRIVERS\qcfilterSny2k.sys [x] S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys [x] S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);C:\Windows\system32\DRIVERS\qcusbserSny2k.sys [x] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 15:10:10 574320] S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-02-14 12:23:50 44736] S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 08:55:10 1256040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x] --- Andere Services/Drivers In Geheugen --- *Deregistered* - mfeavfk01 Inhoud van de 'Gedeelde Taken' map 2012-06-03 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:01:05 . 2012-05-06 18:54:25] 2012-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:25 . 2009-12-01 10:31:24] 2012-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:25 . 2009-12-01 10:31:24] --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-03-08 20:05:40 166424] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-03-08 20:04:28 391192] "Persistence"="C:\Windows\system32\igfxpers.exe" [2010-03-08 20:05:23 410648] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2010-02-22 19:51:00 16397416] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 09:43:18 9650720] "SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PSQLLauncher"="C:\Program Files\Protector Suite\launcher.exe" [2009-10-29 16:28:50 84744] ------- Bijkomende Scan ------- uLocal Page = C:\Windows\system32\blank.htm uStart Page = https://www.google.nl/ mLocal Page = C:\Windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.156.0.1 ComboFix 12-06-02.02 - BvdGroen 03-06-2012 13:19:27.5.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2549 [GMT 2:00] Gestart vanuit: C:\Users\BvdGroen\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt (((((((((((((((((((( Bestanden Gemaakt van 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))) 2012-06-03 12:01:33 . 2012-06-03 12:01:33 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-05-20 13:28:56 . 2012-05-20 13:28:56 -------- d-----w- C:\Users\BvdGroen\AppData\Roaming\Malwarebytes 2012-05-20 13:28:44 . 2012-05-20 13:28:44 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-20 13:28:43 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys 2012-05-20 13:28:42 . 2012-05-20 13:28:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-05-20 13:07:00 . 2012-05-20 13:07:00 388096 ----a-r- C:\Users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-20 13:06:58 . 2012-05-20 13:06:58 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-05-20 12:41:39 . 2012-05-20 12:56:41 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-05-20 11:44:40 . 2012-05-20 11:44:46 -------- d-----w- C:\Program Files\CCleaner 2012-05-19 22:35:08 . 2012-05-19 22:35:08 -------- d-----w- C:\Windows\system32\appmgmt 2012-05-11 07:26:24 . 2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\system32\DWrite.dll 2012-05-11 07:26:23 . 2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-11 07:26:20 . 2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe 2012-05-11 07:26:19 . 2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\system32\win32k.sys 2012-05-11 07:26:18 . 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-11 07:26:17 . 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-11 07:25:42 . 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\system32\drivers\partmgr.sys 2012-05-11 07:25:26 . 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2012-05-11 07:25:22 . 2012-03-31 05:42:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-11 07:25:22 . 2012-03-31 05:40:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25:21 . 2012-03-31 05:40:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-11 07:25:21 . 2012-03-31 04:29:48 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25:20 . 2012-03-31 05:40:32 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-05-06 18:54:23 . 2012-04-04 07:01:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-06 18:54:23 . 2011-11-07 13:09:35 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 18:54:13 . 2012-04-15 20:54:16 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-03-20 11:11:30 . 2012-01-03 19:10:37 162192 ----a-w- C:\Windows\system32\mfevtps.exe ((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 ))))))))))))))))))))))))))))))))))))))))) + 2010-05-14 22:21:04 . 2012-06-03 09:20:55 55862 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10:35 . 2012-06-03 09:20:54 37360 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-10-29 09:30:05 . 2012-06-03 09:20:54 12784 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin + 2009-12-01 10:22:08 . 2012-06-03 09:47:12 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-01 10:22:08 . 2012-05-21 13:03:57 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-01 10:22:07 . 2012-06-03 09:47:12 49152 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-12-01 10:22:07 . 2012-05-21 13:03:57 49152 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54:19 . 2012-06-03 09:47:12 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54:19 . 2012-05-21 13:03:57 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-01-03 08:45:08 . 2012-01-03 08:45:08 16832 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\ViewerPS.dll + 2012-01-03 21:51:18 . 2012-01-03 21:51:18 37296 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\reader_sl.exe + 2012-01-03 08:44:22 . 2012-01-03 08:44:22 79280 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\PDFPrevHndlr.dll + 2012-01-03 21:15:18 . 2012-01-03 21:15:18 99776 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\eula.exe + 2012-01-03 20:52:40 . 2012-01-03 20:52:40 27048 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrotextextractor.exe + 2012-01-03 07:19:16 . 2012-01-03 07:19:16 16824 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32Info.exe + 2012-01-03 07:16:32 . 2012-01-03 07:16:32 75200 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acroiehelpershim.dll + 2012-01-03 07:16:38 . 2012-01-03 07:16:38 61888 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroIEHelper.dll - 2011-11-07 13:18:25 . 2012-05-19 22:57:54 5856 C:\Windows\system32\wdi\ERCQueuedResolutions.dat + 2011-11-07 13:18:25 . 2012-05-21 22:51:04 5856 C:\Windows\system32\wdi\ERCQueuedResolutions.dat + 2012-06-01 09:08:48 . 2012-06-01 09:08:48 9560 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_48.bin + 2012-06-01 09:08:48 . 2012-06-01 09:08:48 4280 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_32.bin + 2012-06-01 09:08:48 . 2012-06-01 09:08:48 2456 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_24.bin + 2010-05-14 22:15:07 . 2012-06-02 13:48:40 1902 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat - 2010-05-14 22:15:07 . 2012-05-20 21:55:01 1902 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat - 2012-05-21 06:06:31 . 2012-05-21 06:06:31 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-03 09:18:48 . 2012-06-03 09:18:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-03 09:18:48 . 2012-06-03 09:18:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-21 06:06:31 . 2012-05-21 06:06:31 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-29 14:44:46 . 2012-06-03 10:47:37 303528 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36:59 . 2012-06-03 09:22:51 616242 C:\Windows\system32\perfh009.dat - 2009-07-14 02:36:59 . 2012-05-21 08:37:58 616242 C:\Windows\system32\perfh009.dat + 2009-07-14 02:36:59 . 2012-06-03 09:22:51 106622 C:\Windows\system32\perfc009.dat - 2009-07-14 02:36:59 . 2012-05-21 08:37:58 106622 C:\Windows\system32\perfc009.dat - 2009-07-14 05:01:48 . 2012-05-20 21:55:00 389832 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01:48 . 2012-06-02 13:48:40 389832 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-06-01 09:14:28 . 2012-06-01 09:14:28 371272 C:\Windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe - 2009-12-01 10:36:32 . 2009-12-01 10:36:32 371272 C:\Windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe + 2012-01-03 07:23:56 . 2012-01-03 07:23:56 378264 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\pdfshell.dll + 2012-01-03 07:22:02 . 2012-01-03 07:22:02 103864 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\nppdf32.dll + 2012-01-03 08:43:50 . 2012-01-03 08:43:50 550360 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AdobeCollabSync.exe + 2012-01-03 07:40:46 . 2012-01-03 07:40:46 120240 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRdIF.dll + 2012-01-03 21:50:30 . 2012-01-03 21:50:30 357808 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.exe + 2012-01-03 07:16:48 . 2012-01-03 07:16:48 665008 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroPDF.dll + 2012-01-03 08:38:04 . 2012-01-03 08:38:04 280024 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrobroker.exe + 2012-01-03 08:08:10 . 2012-01-03 08:08:10 251296 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\a3dutility.exe + 2009-12-01 10:52:02 . 2012-06-02 13:48:40 1329752 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-12-01 10:52:02 . 2012-05-20 21:55:17 1329752 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-10-29 09:25:13 . 2012-06-02 13:48:40 5781092 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat + 2012-03-27 15:47:55 . 2012-03-27 15:47:55 4959232 C:\Windows\Installer\2499f.msp + 2012-01-03 07:18:24 . 2012-01-03 07:18:24 2405784 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\rt3d.dll + 2011-11-17 15:50:50 . 2011-11-17 15:50:50 6543872 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\authplay.dll + 2011-11-02 12:20:16 . 2012-05-21 22:51:05 26122028 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-4096.dat + 2012-01-03 21:15:12 . 2012-01-03 21:15:12 20559288 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.dll -- Snapshot teruggezet naar huidige datum -- ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 22:25:22 284696] "ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 13:40:22 316784] "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 17:22:44 538472] "MarketingTools"="C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 10:41:29 26624] "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696] "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2012-03-21 19:18:44 1675160] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 09:07:56 843712] "Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 13:56:38 462408] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli C:\Program Files\Protector Suite\psqlpwd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 0087241338716831mcinstcleanup;McAfee Application Installer Cleanup (0087241338716831);C:\Windows\TEMP\008724~1.EXE [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576] R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:24 135664] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 04:49:14 362992] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 18:54:25 257696] R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:24 135664] R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 04:49:04 313840] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 22:25:24 13336] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 13:56:40 654408] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936] S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 10:56:24 210584] S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [x] S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 11:24:38 330488] S2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 04:36:18 259192] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 20:52:04 2320920] S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 06:46:06 845312] S2 WTGService;WTGService;C:\Program Files (x86)\OneClickInternet\WTGService.exe [2010-03-15 16:53:18 316880] S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [x] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys [x] S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);C:\Windows\system32\DRIVERS\qcfilterSny2k.sys [x] S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys [x] S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);C:\Windows\system32\DRIVERS\qcusbserSny2k.sys [x] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 15:10:10 574320] S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-02-14 12:23:50 44736] S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 08:55:10 1256040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x] --- Andere Services/Drivers In Geheugen --- *Deregistered* - mfeavfk01 Inhoud van de 'Gedeelde Taken' map 2012-06-03 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:01:05 . 2012-05-06 18:54:25] 2012-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:25 . 2009-12-01 10:31:24] 2012-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:25 . 2009-12-01 10:31:24] --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-03-08 20:05:40 166424] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-03-08 20:04:28 391192] "Persistence"="C:\Windows\system32\igfxpers.exe" [2010-03-08 20:05:23 410648] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2010-02-22 19:51:00 16397416] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 09:43:18 9650720] "SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PSQLLauncher"="C:\Program Files\Protector Suite\launcher.exe" [2009-10-29 16:28:50 84744] ------- Bijkomende Scan ------- uLocal Page = C:\Windows\system32\blank.htm uStart Page = https://www.google.nl/ mLocal Page = C:\Windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.156.0.1

Hoi nogmaals hierbij het vervolg. De foutmelding van de directory c:\program komt niet meer als ik opstart. Dus dat lijkt gelukt. Wel bestaat er nog c:\programdata-babylon en c:\programdata\TarmaInstaller - zoals eerder gemeld. De eerste directory is leeg, de twee heeft nog een folder met een serie letters als naam, zie eerdere mail met daarin eenaantal setupfiles en applicatie. Zie eerdere mail. Moeten we daar nog iets aan doen. Hierbij de combofix log: ComboFix 12-06-02.02 - BvdGroen 02-06-2012 15:19:24.4.4 - x64 MINIMAL Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2685 [GMT 2:00] Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\BvdGroen\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Program . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))) . . 2012-06-02 13:23 . 2012-06-02 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-01 09:12 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80AF5A79-AA87-44E2-BAB6-729214F3C03C}\mpengine.dll 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\programdata\Malwarebytes 2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro 2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner 2012-05-19 22:39 . 2012-05-19 22:50 -------- d-----w- c:\programdata\Tarma Installer 2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\programdata\Babylon 2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt 2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-14 22:21 . 2012-06-02 13:00 55838 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-02 13:00 37328 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-10-29 09:30 . 2012-06-02 13:00 12506 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin - 2009-12-01 10:22 . 2012-05-21 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-01 10:22 . 2012-06-02 13:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-01 10:22 . 2012-05-21 13:03 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-12-01 10:22 . 2012-06-02 13:05 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-02 13:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-05-21 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-11-07 13:18 . 2012-05-21 22:51 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2011-11-07 13:18 . 2012-05-19 22:57 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-06-01 09:08 . 2012-06-01 09:08 9560 c:\windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_48.bin + 2012-06-01 09:08 . 2012-06-01 09:08 4280 c:\windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_32.bin + 2012-06-01 09:08 . 2012-06-01 09:08 2456 c:\windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_24.bin - 2010-05-14 22:15 . 2012-05-20 21:55 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2010-05-14 22:15 . 2012-06-02 13:14 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2012-06-02 13:16 . 2012-06-02 13:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-21 06:06 . 2012-05-21 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-02 13:16 . 2012-06-02 13:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-21 06:06 . 2012-05-21 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-29 14:44 . 2012-06-02 11:40 303472 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2012-05-21 08:37 616242 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-02 13:04 616242 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-02 13:04 106622 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-05-21 08:37 106622 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-06-02 13:14 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-05-20 21:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-06-01 09:14 . 2012-06-01 09:14 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe - 2009-12-01 10:36 . 2009-12-01 10:36 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe + 2009-12-01 10:52 . 2012-06-02 13:14 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-12-01 10:52 . 2012-05-20 21:55 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-10-29 09:25 . 2012-06-02 13:14 5781092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat + 2011-11-02 12:20 . 2012-05-21 22:51 26122028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472] "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] R2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992] R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920] R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] R2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x] R3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x] R3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320] R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54] . 2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . 2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.156.0.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-06-02 15:26:03 ComboFix-quarantined-files.txt 2012-06-02 13:26 ComboFix2.txt 2012-05-22 07:41 ComboFix3.txt 2012-05-21 22:34 ComboFix4.txt 2012-05-21 14:14 . Pre-Run: 374.371.053.568 bytes free Post-Run: 374.336.999.424 bytes free . - - End Of File - - AF8F5CDEDBA5FC6139585D5A8B378376

Hoi ik ben bezig. Eerst gaf Combofix aan dat hij nog virusscannersactief zag. Deze geprobeerd in veilige modus uit te schakelen. Lukte niet. Computer met knop uitgedaan, daarna in normale modus opgestart virusscanners uitgedaan. Opnieuw in veilige modus opgestart en combofix proberen te starten door opnieuw slepen van file naar combofix. Combofix gaf nu aan dat ik kon stoppen (nee) of doorgaan met verminderde functionaliteitsversie. Heb ja op het laatste gedaan. Toen gaf hij in een dosscherm met groene letters enige commancos en toen gebeurde er niets en combofix icoon was van mijn bureau blad verdwenen. Geen processen of applicaties running op de achtergrond dus dat is vreemd en geen outputfile. Ik ben opnieuw opgestart in normale modus en heb combofix opnieuw via de link gedownload. Ik zal het nu nogmaals in veilige modus proberen... wordt vervolgd. Je hoort nog van me...

Hoi je bedoelt met veilige modus met virusscanners ea uit toch... niet in de veilige modus vanuit Dos of zo. Dat laatste weet ik namelijk niet meer hoe dat moet onder windows 7 prof. F8 ingedrukt houden in opstartprocedure ofzo. Ik hoor het graag TNW

Hoi, Nee blijkbaar zijn we nog niet klaar. Ik heb opnieuw opgestart na mijn laatste verstuurde log en verder nog niets gedaan. De directory C:\program bestaat nog steeds. Hij lijkt leeg te zijn. Bij het opstarten geeft de computer nog steeds de foutmelding dat ik deze moet renamen want verwijderen zou andere programmas niet doen opstarten. Ik heb geprobeerd mezelf full control opties te geven als niet administrator, maar dat pakt hij niet. Ook rename lukt dus niet, hij wordt gebruikt zegt ie tijdens deze actie. Deleten zal dus ook niet lukken denk ik, maar nog niet geprobeerd. Er bestaat naast c program files en c: programfilesx86 ook een C:\ ProgramData. Directory. In ProgramData is een directory genaamd C:\ProgramData\Babylon. Deze is echter ook schijnbaar leeg. Creactie: 0.39 uur op 20.05.2012 En van het zelfde tijdstip op het fatale download moment op 20-05-12 om 0:50 uur is C:\programData\TarmaInstaller. Hierin zit wel een filefolder met de naam: C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}. Hierin vind ik: Een filefolder Cache en verder 5 files met setup.dll en setupx.dll, setup icon, set up application en detup.dat file. De cache folder en dat file zijn weer van het gewraakte tijstip. De rest is van eerder (feb 2012 maak van het virus of zo?). What do I do next. Alvast dank, TNW. P.s. De snelkoppeling van de PDF creator die nog verder te installeren was is inderdaad gedeteled van mijn bureaublad (handmatig gedaan).

Hierbij de log van de EmsiSoft Emergency Kit software. Ik ga nu de computer herstarten. Mvr Grt TNWEmsisoft Emergency Kit - Versie 1.0 Laatste Update: 23/05/2012 11:07:35 Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 23/05/2012 11:09:28 C:\Qoobox\Quarantine\C\Program Files (x86)\PDFCreator\message.exe.vir Ontdekt: Riskware.Win32.InstallCore.AMN!A2 Gescand Bestanden: 291283 Sporen: 408843 Cookies: 142 Processen: 91 Gevonden Bestanden: 1 Sporen: 0 Cookies: 0 Processen: 0 Registersleutels: 0 Scan Geëindigd: 23/05/2012 13:15:41 Scantijd: 2:06:13 C:\Qoobox\Quarantine\C\Program Files (x86)\PDFCreator\message.exe.vir Verwijderd Riskware.Win32.InstallCore.AMN!A2 Verwijderd Bestanden: 1 Sporen: 0 Cookies: 0

Goedemorgen. Weer gecombofixt. Dit is het resultaat. Ik hoor het wel weer graag... TNW Enne C:program net als de shortcut naar de PDFconverter op het bureaublad bestaan nog steeds. ComboFix 12-05-22.01 - BvdGroen 22-05-2012 9:33.3.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2531 [GMT 2:00] Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\BvdGroen\Desktop\CFScript.txt.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\GPLGS c:\program files (x86)\GPLGS\a010013l.pfb c:\program files (x86)\GPLGS\a010015l.pfb c:\program files (x86)\GPLGS\a010033l.pfb c:\program files (x86)\GPLGS\a010035l.pfb c:\program files (x86)\GPLGS\acctest.ps c:\program files (x86)\GPLGS\addxchar.ps c:\program files (x86)\GPLGS\align.ps c:\program files (x86)\GPLGS\b018012l.pfb c:\program files (x86)\GPLGS\b018015l.pfb c:\program files (x86)\GPLGS\b018032l.pfb c:\program files (x86)\GPLGS\b018035l.pfb c:\program files (x86)\GPLGS\bdftops.ps c:\program files (x86)\GPLGS\c059013l.pfb c:\program files (x86)\GPLGS\c059016l.pfb c:\program files (x86)\GPLGS\c059033l.pfb c:\program files (x86)\GPLGS\c059036l.pfb c:\program files (x86)\GPLGS\caption.ps c:\program files (x86)\GPLGS\cid2code.ps c:\program files (x86)\GPLGS\COPYING c:\program files (x86)\GPLGS\d050000l.pfb c:\program files (x86)\GPLGS\decrypt.ps c:\program files (x86)\GPLGS\docie.ps c:\program files (x86)\GPLGS\errpage.ps c:\program files (x86)\GPLGS\font2c.ps c:\program files (x86)\GPLGS\font2pcl.ps c:\program files (x86)\GPLGS\Fontmap c:\program files (x86)\GPLGS\Fontmap.ATB c:\program files (x86)\GPLGS\Fontmap.ATM c:\program files (x86)\GPLGS\Fontmap.GS c:\program files (x86)\GPLGS\Fontmap.OS2 c:\program files (x86)\GPLGS\Fontmap.OSF c:\program files (x86)\GPLGS\Fontmap.SGI c:\program files (x86)\GPLGS\Fontmap.Sol c:\program files (x86)\GPLGS\Fontmap.Ult c:\program files (x86)\GPLGS\Fontmap.VMS c:\program files (x86)\GPLGS\fonts.dir c:\program files (x86)\GPLGS\fonts.scale c:\program files (x86)\GPLGS\gs_agl.ps c:\program files (x86)\GPLGS\gs_btokn.ps c:\program files (x86)\GPLGS\gs_ccfnt.ps c:\program files (x86)\GPLGS\gs_ce_e.ps c:\program files (x86)\GPLGS\gs_cff.ps c:\program files (x86)\GPLGS\gs_cidcm.ps c:\program files (x86)\GPLGS\gs_ciddc.ps c:\program files (x86)\GPLGS\gs_cidfm.ps c:\program files (x86)\GPLGS\gs_cidfn.ps c:\program files (x86)\GPLGS\gs_cidtt.ps c:\program files (x86)\GPLGS\gs_ciecs2.ps c:\program files (x86)\GPLGS\gs_ciecs3.ps c:\program files (x86)\GPLGS\gs_cmap.ps c:\program files (x86)\GPLGS\gs_cmdl.ps c:\program files (x86)\GPLGS\gs_cspace.ps c:\program files (x86)\GPLGS\gs_css_e.ps c:\program files (x86)\GPLGS\gs_dbt_e.ps c:\program files (x86)\GPLGS\gs_devcs.ps c:\program files (x86)\GPLGS\gs_devn.ps c:\program files (x86)\GPLGS\gs_devpxl.ps c:\program files (x86)\GPLGS\gs_diskf.ps c:\program files (x86)\GPLGS\gs_diskn.ps c:\program files (x86)\GPLGS\gs_dpnxt.ps c:\program files (x86)\GPLGS\gs_dps.ps c:\program files (x86)\GPLGS\gs_dps1.ps c:\program files (x86)\GPLGS\gs_dps2.ps c:\program files (x86)\GPLGS\gs_dscp.ps c:\program files (x86)\GPLGS\gs_epsf.ps c:\program files (x86)\GPLGS\gs_fapi.ps c:\program files (x86)\GPLGS\gs_fform.ps c:\program files (x86)\GPLGS\gs_fntem.ps c:\program files (x86)\GPLGS\gs_fonts.ps c:\program files (x86)\GPLGS\gs_frsd.ps c:\program files (x86)\GPLGS\gs_icc.ps c:\program files (x86)\GPLGS\gs_il1_e.ps c:\program files (x86)\GPLGS\gs_il2_e.ps c:\program files (x86)\GPLGS\gs_img.ps c:\program files (x86)\GPLGS\gs_indxd.ps c:\program files (x86)\GPLGS\gs_init.ps c:\program files (x86)\GPLGS\gs_kanji.ps c:\program files (x86)\GPLGS\gs_ksb_e.ps c:\program files (x86)\GPLGS\gs_l.xbm c:\program files (x86)\GPLGS\gs_l.xpm c:\program files (x86)\GPLGS\gs_l_m.xbm c:\program files (x86)\GPLGS\gs_l2img.ps c:\program files (x86)\GPLGS\gs_lev2.ps c:\program files (x86)\GPLGS\gs_lgo_e.ps c:\program files (x86)\GPLGS\gs_lgx_e.ps c:\program files (x86)\GPLGS\gs_ll3.ps c:\program files (x86)\GPLGS\gs_m.xbm c:\program files (x86)\GPLGS\gs_m.xpm c:\program files (x86)\GPLGS\gs_m_m.xbm c:\program files (x86)\GPLGS\gs_mex_e.ps c:\program files (x86)\GPLGS\gs_mgl_e.ps c:\program files (x86)\GPLGS\gs_mro_e.ps c:\program files (x86)\GPLGS\gs_patrn.ps c:\program files (x86)\GPLGS\gs_pdf_e.ps c:\program files (x86)\GPLGS\gs_pdfwr.ps c:\program files (x86)\GPLGS\gs_pfile.ps c:\program files (x86)\GPLGS\gs_rdlin.ps c:\program files (x86)\GPLGS\gs_res.ps c:\program files (x86)\GPLGS\gs_resmp.ps c:\program files (x86)\GPLGS\gs_resst.ps c:\program files (x86)\GPLGS\gs_s.xbm c:\program files (x86)\GPLGS\gs_s.xpm c:\program files (x86)\GPLGS\gs_s_m.xbm c:\program files (x86)\GPLGS\gs_sepr.ps c:\program files (x86)\GPLGS\gs_setpd.ps c:\program files (x86)\GPLGS\gs_statd.ps c:\program files (x86)\GPLGS\gs_std_e.ps c:\program files (x86)\GPLGS\gs_stres.ps c:\program files (x86)\GPLGS\gs_sym_e.ps c:\program files (x86)\GPLGS\gs_t.xbm c:\program files (x86)\GPLGS\gs_t.xpm c:\program files (x86)\GPLGS\gs_t_m.xbm c:\program files (x86)\GPLGS\gs_trap.ps c:\program files (x86)\GPLGS\gs_ttf.ps c:\program files (x86)\GPLGS\gs_typ32.ps c:\program files (x86)\GPLGS\gs_typ42.ps c:\program files (x86)\GPLGS\gs_type1.ps c:\program files (x86)\GPLGS\gs_wan_e.ps c:\program files (x86)\GPLGS\gs_wl1_e.ps c:\program files (x86)\GPLGS\gs_wl2_e.ps c:\program files (x86)\GPLGS\gs_wl5_e.ps c:\program files (x86)\GPLGS\gsdll32.dll c:\program files (x86)\GPLGS\gslp.ps c:\program files (x86)\GPLGS\gsnup.ps c:\program files (x86)\GPLGS\gswin32c.exe c:\program files (x86)\GPLGS\ht_ccsto.ps c:\program files (x86)\GPLGS\image-qa.ps c:\program files (x86)\GPLGS\impath.ps c:\program files (x86)\GPLGS\Info-macos.plist c:\program files (x86)\GPLGS\jispaper.ps c:\program files (x86)\GPLGS\landscap.ps c:\program files (x86)\GPLGS\level1.ps c:\program files (x86)\GPLGS\lines.ps c:\program files (x86)\GPLGS\markhint.ps c:\program files (x86)\GPLGS\markpath.ps c:\program files (x86)\GPLGS\n019003l.pfb c:\program files (x86)\GPLGS\n019004l.pfb c:\program files (x86)\GPLGS\n019023l.pfb c:\program files (x86)\GPLGS\n019024l.pfb c:\program files (x86)\GPLGS\n019043l.pfb c:\program files (x86)\GPLGS\n019044l.pfb c:\program files (x86)\GPLGS\n019063l.pfb c:\program files (x86)\GPLGS\n019064l.pfb c:\program files (x86)\GPLGS\n021003l.pfb c:\program files (x86)\GPLGS\n021004l.pfb c:\program files (x86)\GPLGS\n021023l.pfb c:\program files (x86)\GPLGS\n021024l.pfb c:\program files (x86)\GPLGS\n022003l.pfb c:\program files (x86)\GPLGS\n022004l.pfb c:\program files (x86)\GPLGS\n022023l.pfb c:\program files (x86)\GPLGS\n022024l.pfb c:\program files (x86)\GPLGS\p052003l.pfb c:\program files (x86)\GPLGS\p052004l.pfb c:\program files (x86)\GPLGS\p052023l.pfb c:\program files (x86)\GPLGS\p052024l.pfb c:\program files (x86)\GPLGS\packfile.ps c:\program files (x86)\GPLGS\pcharstr.ps c:\program files (x86)\GPLGS\pdf_base.ps c:\program files (x86)\GPLGS\pdf_draw.ps c:\program files (x86)\GPLGS\pdf_font.ps c:\program files (x86)\GPLGS\pdf_main.ps c:\program files (x86)\GPLGS\pdf_ops.ps c:\program files (x86)\GPLGS\pdf_rbld.ps c:\program files (x86)\GPLGS\pdf_sec.ps c:\program files (x86)\GPLGS\pdf2dsc.ps c:\program files (x86)\GPLGS\pdfopt.ps c:\program files (x86)\GPLGS\pdfwrite.ps c:\program files (x86)\GPLGS\pf2afm.ps c:\program files (x86)\GPLGS\pfbtopfa.ps c:\program files (x86)\GPLGS\ppath.ps c:\program files (x86)\GPLGS\pphs c:\program files (x86)\GPLGS\pphs.ps c:\program files (x86)\GPLGS\prfont.ps c:\program files (x86)\GPLGS\printafm.ps c:\program files (x86)\GPLGS\ps2ai.ps c:\program files (x86)\GPLGS\pv.sh c:\program files (x86)\GPLGS\quit.ps c:\program files (x86)\GPLGS\rollconv.ps c:\program files (x86)\GPLGS\s050000l.pfb c:\program files (x86)\GPLGS\showchar.ps c:\program files (x86)\GPLGS\showpage.ps c:\program files (x86)\GPLGS\stcinfo.ps c:\program files (x86)\GPLGS\stcolor.ps c:\program files (x86)\GPLGS\stocht.ps c:\program files (x86)\GPLGS\traceimg.ps c:\program files (x86)\GPLGS\traceop.ps c:\program files (x86)\GPLGS\type1enc.ps c:\program files (x86)\GPLGS\type1ops.ps c:\program files (x86)\GPLGS\uninfo.ps c:\program files (x86)\GPLGS\unprot.ps c:\program files (x86)\GPLGS\viewcmyk.ps c:\program files (x86)\GPLGS\viewgif.ps c:\program files (x86)\GPLGS\viewjpeg.ps c:\program files (x86)\GPLGS\viewmiff.ps c:\program files (x86)\GPLGS\viewpbm.ps c:\program files (x86)\GPLGS\viewpcx.ps c:\program files (x86)\GPLGS\viewps2a.ps c:\program files (x86)\GPLGS\wftopfa.ps c:\program files (x86)\GPLGS\winmaps.ps c:\program files (x86)\GPLGS\wrfont.ps c:\program files (x86)\GPLGS\xlatmap c:\program files (x86)\GPLGS\z003034l.pfb c:\program files (x86)\GPLGS\zeroline.ps c:\program files (x86)\PDFCreator c:\program files (x86)\PDFCreator\Converter.exe c:\program files (x86)\PDFCreator\CPWriter2.exe c:\program files (x86)\PDFCreator\custmon32i.dll c:\program files (x86)\PDFCreator\custmon64i.dll c:\program files (x86)\PDFCreator\custmoni.dll c:\program files (x86)\PDFCreator\Driver\CUSTPDFW.PPD c:\program files (x86)\PDFCreator\Driver\CUSTPDFW.SPD c:\program files (x86)\PDFCreator\Driver\FONTS.MFM c:\program files (x86)\PDFCreator\Driver\ICONLIB.DLL c:\program files (x86)\PDFCreator\Driver\PS5UI.DLL c:\program files (x86)\PDFCreator\Driver\PSCRIPT.DRV c:\program files (x86)\PDFCreator\Driver\PSCRIPT.HLP c:\program files (x86)\PDFCreator\Driver\PSCRIPT.INI c:\program files (x86)\PDFCreator\Driver\PSCRIPT.NTF c:\program files (x86)\PDFCreator\Driver\PSCRIPT5.DLL c:\program files (x86)\PDFCreator\Driver\PSMON.DLL c:\program files (x86)\PDFCreator\Driver\TESTPS.TXT c:\program files (x86)\PDFCreator\Driver\X64\PS5UI.DLL c:\program files (x86)\PDFCreator\Driver\X64\PSCRIPT.HLP c:\program files (x86)\PDFCreator\Driver\X64\PSCRIPT.NTF c:\program files (x86)\PDFCreator\Driver\X64\PSCRIPT5.DLL c:\program files (x86)\PDFCreator\message.exe c:\program files (x86)\PDFCreator\PDFWrite.rsp c:\program files (x86)\PDFCreator\pdfwriter.exe c:\program files (x86)\PDFCreator\pdfwriter32.exe c:\program files (x86)\PDFCreator\pdfwriter64.exe c:\program files (x86)\PDFCreator\Preferences.exe c:\program files (x86)\PDFCreator\Readme.htm c:\program files (x86)\PDFCreator\Setup.exe c:\program files (x86)\PDFCreator\Setup.inf c:\program files (x86)\PDFCreator\unInstpw.exe c:\program files (x86)\PDFCreator\unInstpw64.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))) . . 2012-05-22 07:39 . 2012-05-22 07:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes 2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro 2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner 2012-05-19 22:39 . 2012-05-19 22:48 -------- d-----w- C:\Program 2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt 2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe 2012-03-01 06:46 . 2012-04-11 23:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-11 23:51 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-11 23:51 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-11 23:51 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-11 23:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-11 23:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-11 23:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-11 23:54 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-11 23:54 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-11 23:54 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-11 23:54 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-11 23:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-11 23:54 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-23 08:18 . 2011-10-29 09:46 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-22 11:29 . 2012-01-03 19:25 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-02-22 11:29 . 2012-01-03 19:25 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2012-02-22 11:29 . 2012-01-03 19:25 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-02-22 11:29 . 2012-01-03 19:25 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-02-22 11:29 . 2012-01-03 19:25 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-02-22 11:29 . 2012-01-03 19:25 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-02-22 11:29 . 2012-01-03 19:25 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-02-22 11:29 . 2011-10-15 11:16 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-02-22 11:29 . 2011-10-15 11:16 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-14 22:21 . 2012-05-22 07:24 55008 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-05-22 07:24 37264 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2011-10-29 09:30 . 2012-05-21 06:08 12320 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin + 2011-10-29 09:30 . 2012-05-22 07:24 12320 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin - 2009-12-01 10:22 . 2012-05-21 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-01 10:22 . 2012-05-22 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-01 10:22 . 2012-05-22 07:36 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-12-01 10:22 . 2012-05-21 13:03 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-21 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-05-22 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-11-07 13:18 . 2012-05-21 22:51 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2011-11-07 13:18 . 2012-05-19 22:57 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2010-05-14 22:15 . 2012-05-20 21:55 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2010-05-14 22:15 . 2012-05-21 23:21 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2012-05-22 06:58 . 2012-05-22 06:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-21 06:06 . 2012-05-21 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-22 06:58 . 2012-05-22 06:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-21 06:06 . 2012-05-21 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-29 14:44 . 2012-05-21 21:03 301860 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36 . 2012-05-22 07:03 616242 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-05-21 08:37 616242 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-05-21 08:37 106622 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-05-22 07:03 106622 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-05-20 21:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-05-21 23:21 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-12-01 10:52 . 2012-05-20 21:55 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-12-01 10:52 . 2012-05-21 23:21 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-10-29 09:25 . 2012-05-21 23:21 2824260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat + 2011-11-02 12:20 . 2012-05-21 22:51 26122028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472] "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x] S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x] S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54] . 2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . 2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.254 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-05-22 09:41:39 ComboFix-quarantined-files.txt 2012-05-22 07:41 ComboFix2.txt 2012-05-21 22:34 ComboFix3.txt 2012-05-21 14:14 . Pre-Run: 375.732.129.792 bytes free Post-Run: 375.547.117.568 bytes free . - - End Of File - - 5166C49A0B25E2818F4FA369A6EFA277

He iets gaat er niet goed in mijn verzending van berichten aan jou! Ik had in de vorige reactie mijn combofix logje geplakt na de bovenstaande actie. Die zie ik nu niet in de discussie. Het resultaat na combofix was wel dat ik een witte balk boven aan mijn mail had staan. Ik heb mijn computer even opnieuw gestart omdat ook mijn viao balk dus weg was. Inmiddels is die weer gewoon aanwezig en de witte balk is weg boven elk scherm o.a. boven jullie helpforumscherm ook. Ik had de combofix log niet gesaved, dus ik kan hem niet plakken, hij bewaard dat kladbloklog toch niet ergens dus ik zal hem opnieuw moeten runnen. Moet is dat nogmaals doen? Hij gaf tijdens combo fix aan dat hij allerlei data ging verwijderen weet ik nog o.a. de c: program. Echter die is er nog steeds!!! Nogmaals de vorige actie dus maar doen? Dus CFScripttxt in combofix slepen, na disabeling McAfee en MMalwareBytes. Groetjes TNW ---------- Post toegevoegd om 01:20 ---------- Vorige post was om 01:13 ---------- Sorry voor de onduidelijkheid, maar nu heeft ie toch mijn eerdere mailtje verwerkt. Waar die nu net gebleven was weet ik niet. Zo heb je dus in ieder geval toch mijn Combofix logje na het slepen van het CFScriptfiletje. Die ook weg is van mijn desktop. Ben benieuwd naar je reactie. Zit dus nog wel met die PDFconverter shortcut op mijn desktop, die ik niet verder durf op te starten omdat ik denk dat dan Babylon weer geactiveerd, geinstalleerd wordt. De shortcut verwijst naar: C:\Users\BvdGroen\AppData\Local\Temp\ICReinstall_ICReinstall_ICReinstall_PDFConverterSetup.exe /RR Als je erop klikt zegt hij dat die niet valid is. Kan ik de shortcut dan gewoon deleten. Met groetjes, TNW

Hoi Hier het resultaat van Combofix. McAffee en Malwarebytes uitgeschakeld tijdens runnen na warning. Was ik effe vergeten, maar ging goed. Ik weet alleen niet of we erop vooruit gegaan zijn. Inmiddels is mijn vaio-top bar (vaio control gate) weg uit mijn scherm en zie ik boven elke scherm een witte balk in de top. O Op mijn desktop staat nog de gevraakte shortcut naar de PDFconverter, die naar de C:users:bvdgroen:appdata: lokal: instalpdfconverter etc directory verwees en die ik niet gedelete had, omdat dit slechts een shortcut was en ik dacht dat hij anders niet meer te tracen zou zijn om hem voorgoed kwijt te raken. Als ik dit icoon rechtermuis aanklik, krijk ik een internet explorer fout. Programma reageert niet meer. Ik stuur je als het lukt zo een vervolg. Eerst even het logje plakken. Dan kijken wat er verder nog mis is, maar nu kan ik in ieder geval nog plakken en internetten. Tot zo, dus voor deel 2 dat hier wel bij hoort. ComboFix 12-05-21.05 - BvdGroen 21-05-2012 23:56:06.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.1761 [GMT 2:00] Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\BvdGroen\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "C:\user.js" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\user.js c:\users\BvdGroen\AppData\Local\Babylon c:\users\BvdGroen\AppData\Local\Babylon\Setup\bab033.tbinst.dat c:\users\BvdGroen\AppData\Local\Babylon\Setup\bab091.norecovericon.dat c:\users\BvdGroen\AppData\Local\Babylon\Setup\Babylon.dat c:\users\BvdGroen\AppData\Local\Babylon\Setup\BExternal.dll c:\users\BvdGroen\AppData\Local\Babylon\Setup\Chrome_tb.zpb c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\eula.html c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\globe.png c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\options.js c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page0.html c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page2.css c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page2.html c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page3.css c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page3.html c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\progress.png c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\setup.js c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\title.png c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg c:\users\BvdGroen\AppData\Local\Babylon\Setup\IECookieLow.dll c:\users\BvdGroen\AppData\Local\Babylon\Setup\Setup-latest-30b.zpb c:\users\BvdGroen\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb c:\users\BvdGroen\AppData\Local\Babylon\Setup\Setup.exe c:\users\BvdGroen\AppData\Local\Babylon\Setup\SetupStrings.dat c:\users\BvdGroen\AppData\Local\Babylon\Setup\sign c:\users\BvdGroen\AppData\Local\Babylon\Setup\sqlite3.dll c:\users\BvdGroen\AppData\Roaming\Babylon c:\users\BvdGroen\AppData\Roaming\Babylon\log_file.txt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))) . . 2012-05-21 22:10 . 2012-05-21 22:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes 2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro 2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner 2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\program files (x86)\GPLGS 2012-05-19 22:39 . 2012-05-19 22:48 -------- d-----w- C:\Program 2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\program files (x86)\PDFCreator 2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt 2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe 2012-03-01 06:46 . 2012-04-11 23:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-11 23:51 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-11 23:51 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-11 23:51 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-11 23:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-11 23:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-11 23:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-11 23:54 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-11 23:54 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-11 23:54 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-11 23:54 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-11 23:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-11 23:54 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-23 08:18 . 2011-10-29 09:46 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-22 11:29 . 2012-01-03 19:25 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-02-22 11:29 . 2012-01-03 19:25 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2012-02-22 11:29 . 2012-01-03 19:25 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-02-22 11:29 . 2012-01-03 19:25 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-02-22 11:29 . 2012-01-03 19:25 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-02-22 11:29 . 2012-01-03 19:25 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-02-22 11:29 . 2012-01-03 19:25 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-02-22 11:29 . 2011-10-15 11:16 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-02-22 11:29 . 2011-10-15 11:16 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 ))))))))))))))))))))))))))))))))))))))))) . - 2009-12-01 10:22 . 2012-05-21 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-01 10:22 . 2012-05-21 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-01 10:22 . 2012-05-21 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-12-01 10:22 . 2012-05-21 13:03 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-05-21 21:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-05-21 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-10-29 14:44 . 2012-05-21 21:03 301860 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472] "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x] S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x] S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54] . 2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . 2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.254 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-05-22 00:34:02 ComboFix-quarantined-files.txt 2012-05-21 22:33 ComboFix2.txt 2012-05-21 14:14 . Pre-Run: 369.095.041.024 bytes free Post-Run: 369.183.842.304 bytes free . - - End Of File - - F559498A37989BE6D5E403696CF4D0F8

Hoi hierbij mijn combo fix logje. Ik hoor graag het vervolg dat nodig is... De directory c program en het javascript filetje user op C bestaan nog steeds. Zijn die nodig... harmless. Groetjes TNW ComboFix 12-05-20.10 - BvdGroen 21-05-2012 15:42:08.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.1752 [GMT 2:00] Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk c:\programdata\Roaming c:\users\BvdGroen\AppData\Roaming\.# c:\windows\IsUn0413.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))) . . 2012-05-21 13:53 . 2012-05-21 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes 2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro 2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner 2012-05-19 22:39 . 2012-05-19 22:39 1529 ----a-w- C:\user.js 2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\program files (x86)\GPLGS 2012-05-19 22:39 . 2012-05-19 22:48 -------- d-----w- C:\Program 2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\users\BvdGroen\AppData\Local\Babylon 2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\program files (x86)\PDFCreator 2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Babylon 2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt 2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe 2012-03-01 06:46 . 2012-04-11 23:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-11 23:51 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-11 23:51 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-11 23:51 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-11 23:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-11 23:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-11 23:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-11 23:54 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-11 23:54 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-11 23:54 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-11 23:54 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-11 23:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-11 23:54 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-23 08:18 . 2011-10-29 09:46 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-22 11:29 . 2012-01-03 19:25 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-02-22 11:29 . 2012-01-03 19:25 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2012-02-22 11:29 . 2012-01-03 19:25 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-02-22 11:29 . 2012-01-03 19:25 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-02-22 11:29 . 2012-01-03 19:25 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-02-22 11:29 . 2012-01-03 19:25 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-02-22 11:29 . 2012-01-03 19:25 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-02-22 11:29 . 2011-10-15 11:16 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-02-22 11:29 . 2011-10-15 11:16 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472] "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x] S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x] S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54] . 2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . 2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.254 . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Photoshop Elements 1.0 - c:\windows\ISUN0413.EXE AddRemove-Adobe SVG Viewer - c:\windows\IsUn0413.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-05-21 16:14:29 ComboFix-quarantined-files.txt 2012-05-21 14:14 . Pre-Run: 374.791.069.696 bytes free Post-Run: 374.347.563.008 bytes free . - - End Of File - - A86F6789B484C9FF9AE95C519C00CD68

Hoi Combofix staat klaar op bureaublad. Malwarebytes is tijdelijk uit. McAfee Internet security krijg ik niet uit op de aangegeven manier in de handleiding. Ik heb de fire wall, de update activation en de real time scanning off gezet voor 60 minuten. Is dat voldoende om zo combofix te runnen? Mijn MCAffee internet security op mijn vaio sony functioneert blijkbaar anders dan aangegeven. De opties die zij geven in de animated gif versie 7.0 heb ik niet op de versie 11.0. graag je snelle reactie want hij is nu onbeschermd. Met groetjes, TNW

Thanx gelukt. Nog een laastste vraag. Door Babylon (denk ik) staat er nog een directory C:program op mijn computer die ik niet kan renamen of verwijderen. Deze bestaat naast C:program files en c: program files (x86). Ook zie ik hier dat er een Javacripted user is aangemaakt-gewijzigd op de tijd van het downloaden van het programma, waarmee babylon binnen kwam. Dit c:program leidt tot de foutmelding bij opstarten van de computer dat ik die directory moet Renamen, naar bijvoorbeeld c:program1 maar dat lukt niet omdat bij het opstarten hier blijkbaar iets in geopend wordt al is hij leeg. Ik heb het ook vanuit de C schijf geprobeerd. Hij geeft aan dat daardoor andere programmas mogelijk niet lekker functioneren. Kan ik hier nog iets aan doen? Bedankt voor alles. Tisnetwerruk.

Hallo hallo, Ik heb de fix checked actie uitgevoerd op de 4 items. Resultaat. Nu start de internetbrowser op met MSN, dus dat is al een stuk beter. Ben ik qua security klaar of niet? En... Waar zet ik nu mijn internet homepage terug. In de Control Panel - network and internet - internet opties - change homepage is onder general het venster waarin je homepage vermeld staat niet zichtbaar. Klopt dit? Thanx voor alle hulp zo ver al! Bijgevoegd de nieuw Hijacklog. En de log van de snelle scan van malwarebytes. Geen kwaadaardige objecten gevonden. Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.05.20.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 BvdGroen :: BVDGROEN-VAIO [administrator] Realtime bescherming: Ingeschakeld 20-5-2012 22:19:36 mbam-log-2012-05-20 (22-19-36).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 201449 Verstreken tijd: 3 minuut/minuten, 51 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:13:11, on 20-5-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120430232735.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Qualcomm Gobi 2000 Download Service (Sony) (QDLService2kSony) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTGService - Unknown owner - C:\Program Files (x86)\OneClickInternet\WTGService.exe -- End of file - 13931 bytes

Hallo het lukt me nog niet het babylon search redirect virus te verwijderen. Hier mijn HijJack logje. Kunnen jullie me helpen. Onder windows7. Thankx tisnetwerruk. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:10:58, on 20-5-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120430232735.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Qualcomm Gobi 2000 Download Service (Sony) (QDLService2kSony) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTGService - Unknown owner - C:\Program Files (x86)\OneClickInternet\WTGService.exe -- End of file - 14292 bytes