
Babylon search redirect virus cannot be removed from the Internet Explorer bar



Hi, here is the result of ComboFix.

I disabled McAfee and Malwarebytes while running it, after the warning. I had briefly forgotten, but it went fine. I just don't know whether we have made any progress.

In the meantime my VAIO top bar (VAIO control gate) has disappeared from my screen and I see a white bar at the top of every window.

The shortcut in question to the PDFconverter is still on my desktop; it pointed to the C:users:bvdgroen:appdata:lokal:instalpdfconverter etc. directory and I had not deleted it, because it was only a shortcut and I thought that otherwise it could no longer be traced in order to get rid of it for good.

When I right-click this icon, I get an Internet Explorer error: the program has stopped responding.

If it works, I'll send you a follow-up shortly. First let me paste the log. Then we'll see what else is wrong, but at least right now I can still paste and use the internet. See you shortly for part 2, which belongs with this.

ComboFix 12-05-21.05 - BvdGroen 21-05-2012 23:56:06.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.1761 [GMT 2:00]

Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\BvdGroen\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\user.js"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\user.js

c:\users\BvdGroen\AppData\Local\Babylon

c:\users\BvdGroen\AppData\Local\Babylon\Setup\bab033.tbinst.dat

c:\users\BvdGroen\AppData\Local\Babylon\Setup\bab091.norecovericon.dat

c:\users\BvdGroen\AppData\Local\Babylon\Setup\Babylon.dat

c:\users\BvdGroen\AppData\Local\Babylon\Setup\BExternal.dll

c:\users\BvdGroen\AppData\Local\Babylon\Setup\Chrome_tb.zpb

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\eula.html

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\globe.png

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\options.js

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page0.html

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page2.css

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page2.html

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page3.css

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page3.html

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\progress.png

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\setup.js

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\title.png

c:\users\BvdGroen\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg

c:\users\BvdGroen\AppData\Local\Babylon\Setup\IECookieLow.dll

c:\users\BvdGroen\AppData\Local\Babylon\Setup\Setup-latest-30b.zpb

c:\users\BvdGroen\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb

c:\users\BvdGroen\AppData\Local\Babylon\Setup\Setup.exe

c:\users\BvdGroen\AppData\Local\Babylon\Setup\SetupStrings.dat

c:\users\BvdGroen\AppData\Local\Babylon\Setup\sign

c:\users\BvdGroen\AppData\Local\Babylon\Setup\sqlite3.dll

c:\users\BvdGroen\AppData\Roaming\Babylon

c:\users\BvdGroen\AppData\Roaming\Babylon\log_file.txt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-21 to 2012-05-21 ))))))))))))))))))))))))))))))

.

.

2012-05-21 22:10 . 2012-05-21 22:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes

2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner

2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\program files (x86)\GPLGS

2012-05-19 22:39 . 2012-05-19 22:48 -------- d-----w- C:\Program

2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\program files (x86)\PDFCreator

2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt

2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe

2012-03-01 06:46 . 2012-04-11 23:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-11 23:51 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-11 23:51 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-11 23:51 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-11 23:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-11 23:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-11 23:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-11 23:54 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-11 23:54 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-11 23:54 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-11 23:54 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-11 23:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-11 23:54 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-23 08:18 . 2011-10-29 09:46 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-22 11:29 . 2012-01-03 19:25 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-02-22 11:29 . 2012-01-03 19:25 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2012-02-22 11:29 . 2012-01-03 19:25 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-02-22 11:29 . 2012-01-03 19:25 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-02-22 11:29 . 2012-01-03 19:25 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-02-22 11:29 . 2012-01-03 19:25 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-02-22 11:29 . 2012-01-03 19:25 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-02-22 11:29 . 2011-10-15 11:16 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-02-22 11:29 . 2011-10-15 11:16 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-12-01 10:22 . 2012-05-21 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-01 10:22 . 2012-05-21 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-01 10:22 . 2012-05-21 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-01 10:22 . 2012-05-21 13:03 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-21 21:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-21 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-10-29 14:44 . 2012-05-21 21:03 301860 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]

"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]

S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x]

S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x]

S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.254

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-05-22 00:34:02

ComboFix-quarantined-files.txt 2012-05-21 22:33

ComboFix2.txt 2012-05-21 14:14

.

Pre-Run: 369.095.041.024 bytes free

Post-Run: 369.183.842.304 bytes free

.

- - End Of File - - F559498A37989BE6D5E403696CF4D0F8


Hey, something is going wrong with my sending of messages to you!

In my previous reply I had pasted my ComboFix log after the action above. I don't see it in the discussion now.

The result after ComboFix was that I had a white bar at the top of my mail. I restarted my computer because my VAIO bar had also disappeared. Now it is back as normal and the white bar above every window, including above your help forum screen, is gone.

I hadn't saved the ComboFix log, so I can't paste it; it doesn't keep that Notepad log anywhere, does it, so I'll have to run it again. Should I do that again?

During ComboFix it said it was going to remove all sorts of data, I remember, including C:\program. But that is still there!!!

So just do the previous action again? That is, drag CFScript.txt into ComboFix, after disabling McAfee and Malwarebytes.

Regards, TNW

---------- Post added at 01:20 ---------- Previous post was at 01:13 ----------

Sorry for the confusion, but now it has processed my earlier message after all. Where it had gone I don't know. So in any case you now have my ComboFix log from after dragging the CFScript file onto it. That file is also gone from my desktop.

I'm curious about your reply.

I'm still stuck with that PDFconverter shortcut on my desktop, which I don't dare to start again because I think Babylon would then be activated and installed again.

The shortcut points to:

C:\Users\BvdGroen\AppData\Local\Temp\ICReinstall_ICReinstall_ICReinstall_PDFConverterSetup.exe /RR

When you click on it, it says it is not valid.

Can I just delete the shortcut then?

Kind regards,

TNW


The problems were indeed caused by the download of that PDFConverter. Do the following:

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files (x86)\GPLGS

C:\Program

c:\program files (x86)\PDFCreator

c:\windows\system32\appmgmt

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of ComboFix.txt in your next message.

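The helper's CFScript above lists exactly the folders that appeared in the log's "Files Created" section within a few minutes of the PDFConverter installer running. As an added example (not code from this thread or from ComboFix), the Python triage helper below parses that section, clusters entries created around a chosen pivot time, and renders the directory hits as a CFScript "Folder::" block for review. The sample log lines, the pivot time and the 15-minute window are constructed to mirror this thread; the English section header name is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in the layout ComboFix uses for its "Files Created" section:
# created-stamp . modified-stamp size-or-dashes attribute-flags path
SAMPLE_LOG = """\
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-21 to 2012-05-21 ))))))))))))))))))))))))))))))
.
2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\\users\\BvdGroen\\AppData\\Roaming\\Malwarebytes
2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\\program files (x86)\\GPLGS
2012-05-19 22:39 . 2012-05-19 22:48 -------- d-----w- C:\\Program
2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\\program files (x86)\\PDFCreator
2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\\windows\\system32\\appmgmt
2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\\windows\\system32\\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "  # creation timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "      # last-modified timestamp
    r"(\S+) (\S{8}) (.+)$"                   # size (or dashes for a dir), flags, path
)
STAMP = "%Y-%m-%d %H:%M"
# Dutch header seen in this thread; "Files Created" for English builds is assumed.
SECTION_MARKERS = ("Bestanden Gemaakt", "Files Created")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories ("--------")
    flags: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.flags.startswith("d")


def parse_created_section(log: str) -> List[Entry]:
    """Return only the entries of the 'Files Created' section of a ComboFix log."""
    entries: List[Entry] = []
    inside = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("(((("):
            # Every banner line opens a new section; stay inside only for the one we want.
            inside = any(marker in line for marker in SECTION_MARKERS)
            continue
        if not inside:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # "." separators and anything else that is not an entry
        created, modified, size, flags, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, STAMP),
            modified=datetime.strptime(modified, STAMP),
            size=None if size.startswith("-") else int(size),
            flags=flags,
            path=path,
        ))
    return entries


def created_around(entries: List[Entry], pivot: datetime,
                   window: timedelta = timedelta(minutes=15)) -> List[Entry]:
    """Entries created within `window` of `pivot`, oldest first.

    Heuristic: a bundled installer writes its leftovers in one short burst, so
    creation and modification stamps are close together. A file whose content is
    much older than its creation stamp was copied from an existing package (the
    Windows Update pattern) and is left out.
    """
    hits = [
        e for e in entries
        if abs(e.created - pivot) <= window
        and e.created - e.modified <= timedelta(days=1)
    ]
    return sorted(hits, key=lambda e: e.created)


def suspect_paths(log: str, pivot: str, window_minutes: int = 15) -> List[str]:
    """Paths created within window_minutes of the pivot stamp ("YYYY-MM-DD HH:MM")."""
    hits = created_around(parse_created_section(log), datetime.strptime(pivot, STAMP),
                          timedelta(minutes=window_minutes))
    return [e.path for e in hits]


def suspect_cfscript(log: str, pivot: str, window_minutes: int = 15) -> str:
    """Render the directory hits as a CFScript 'Folder::' block for a human to review."""
    hits = created_around(parse_created_section(log), datetime.strptime(pivot, STAMP),
                          timedelta(minutes=window_minutes))
    dirs = [e.path for e in hits if e.is_dir]
    return "Folder::\n" + "\n".join(dirs) + "\n"


if __name__ == "__main__":
    # Pivot: the minute the installer's folders first appear in the sample log.
    print(suspect_cfscript(SAMPLE_LOG, "2012-05-19 22:39"))
```

The output is a candidate list, not a verdict: each folder still has to be checked against what the user actually installed on purpose before it goes into a CFScript.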

Good morning. ComboFixed again. This is the result. I look forward to hearing from you... TNW

And C:\program, like the shortcut to the PDFconverter on the desktop, still exists.

ComboFix 12-05-22.01 - BvdGroen 22-05-2012 9:33.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2531 [GMT 2:00]

Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\BvdGroen\Desktop\CFScript.txt.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\GPLGS

c:\program files (x86)\GPLGS\a010013l.pfb

c:\program files (x86)\GPLGS\a010015l.pfb

c:\program files (x86)\GPLGS\a010033l.pfb

c:\program files (x86)\GPLGS\a010035l.pfb

c:\program files (x86)\GPLGS\acctest.ps

c:\program files (x86)\GPLGS\addxchar.ps

c:\program files (x86)\GPLGS\align.ps

c:\program files (x86)\GPLGS\b018012l.pfb

c:\program files (x86)\GPLGS\b018015l.pfb

c:\program files (x86)\GPLGS\b018032l.pfb

c:\program files (x86)\GPLGS\b018035l.pfb

c:\program files (x86)\GPLGS\bdftops.ps

c:\program files (x86)\GPLGS\c059013l.pfb

c:\program files (x86)\GPLGS\c059016l.pfb

c:\program files (x86)\GPLGS\c059033l.pfb

c:\program files (x86)\GPLGS\c059036l.pfb

c:\program files (x86)\GPLGS\caption.ps

c:\program files (x86)\GPLGS\cid2code.ps

c:\program files (x86)\GPLGS\COPYING

c:\program files (x86)\GPLGS\d050000l.pfb

c:\program files (x86)\GPLGS\decrypt.ps

c:\program files (x86)\GPLGS\docie.ps

c:\program files (x86)\GPLGS\errpage.ps

c:\program files (x86)\GPLGS\font2c.ps

c:\program files (x86)\GPLGS\font2pcl.ps

c:\program files (x86)\GPLGS\Fontmap

c:\program files (x86)\GPLGS\Fontmap.ATB

c:\program files (x86)\GPLGS\Fontmap.ATM

c:\program files (x86)\GPLGS\Fontmap.GS

c:\program files (x86)\GPLGS\Fontmap.OS2

c:\program files (x86)\GPLGS\Fontmap.OSF

c:\program files (x86)\GPLGS\Fontmap.SGI

c:\program files (x86)\GPLGS\Fontmap.Sol

c:\program files (x86)\GPLGS\Fontmap.Ult

c:\program files (x86)\GPLGS\Fontmap.VMS

c:\program files (x86)\GPLGS\fonts.dir

c:\program files (x86)\GPLGS\fonts.scale

c:\program files (x86)\GPLGS\gs_agl.ps

c:\program files (x86)\GPLGS\gs_btokn.ps

c:\program files (x86)\GPLGS\gs_ccfnt.ps

c:\program files (x86)\GPLGS\gs_ce_e.ps

c:\program files (x86)\PDFCreator

c:\program files (x86)\PDFCreator\Converter.exe

c:\program files (x86)\PDFCreator\CPWriter2.exe

c:\program files (x86)\PDFCreator\custmon32i.dll

c:\program files (x86)\PDFCreator\custmon64i.dll

c:\program files (x86)\PDFCreator\custmoni.dll

c:\program files (x86)\PDFCreator\Driver\CUSTPDFW.PPD

c:\program files (x86)\PDFCreator\Driver\CUSTPDFW.SPD

c:\program files (x86)\PDFCreator\Driver\FONTS.MFM

c:\program files (x86)\PDFCreator\Driver\ICONLIB.DLL

c:\program files (x86)\PDFCreator\Driver\PS5UI.DLL

c:\program files (x86)\PDFCreator\Driver\PSCRIPT.DRV

c:\program files (x86)\PDFCreator\Driver\PSCRIPT.HLP

c:\program files (x86)\PDFCreator\Driver\PSCRIPT.INI

c:\program files (x86)\PDFCreator\Driver\PSCRIPT.NTF

c:\program files (x86)\PDFCreator\Driver\PSCRIPT5.DLL

c:\program files (x86)\PDFCreator\Driver\PSMON.DLL

c:\program files (x86)\PDFCreator\Driver\TESTPS.TXT

c:\program files (x86)\PDFCreator\Driver\X64\PS5UI.DLL

c:\program files (x86)\PDFCreator\Driver\X64\PSCRIPT.HLP

c:\program files (x86)\PDFCreator\Driver\X64\PSCRIPT.NTF

c:\program files (x86)\PDFCreator\Driver\X64\PSCRIPT5.DLL

c:\program files (x86)\PDFCreator\message.exe

c:\program files (x86)\PDFCreator\PDFWrite.rsp

c:\program files (x86)\PDFCreator\pdfwriter.exe

c:\program files (x86)\PDFCreator\pdfwriter32.exe

c:\program files (x86)\PDFCreator\pdfwriter64.exe

c:\program files (x86)\PDFCreator\Preferences.exe

c:\program files (x86)\PDFCreator\Readme.htm

c:\program files (x86)\PDFCreator\Setup.exe

c:\program files (x86)\PDFCreator\Setup.inf

c:\program files (x86)\PDFCreator\unInstpw.exe

c:\program files (x86)\PDFCreator\unInstpw64.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-22 to 2012-05-22 ))))))))))))))))))))))))))))))

.

.

2012-05-22 07:39 . 2012-05-22 07:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes

2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner

2012-05-19 22:39 . 2012-05-19 22:48 -------- d-----w- C:\Program

2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt

2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe

2012-03-01 06:46 . 2012-04-11 23:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-11 23:51 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-11 23:51 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-11 23:51 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-11 23:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-11 23:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-11 23:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-11 23:54 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-11 23:54 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-11 23:54 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-11 23:54 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-11 23:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-11 23:54 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-11 23:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-23 08:18 . 2011-10-29 09:46 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-22 11:29 . 2012-01-03 19:25 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-02-22 11:29 . 2012-01-03 19:25 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2012-02-22 11:29 . 2012-01-03 19:25 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-02-22 11:29 . 2012-01-03 19:25 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-02-22 11:29 . 2012-01-03 19:25 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-02-22 11:29 . 2012-01-03 19:25 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-02-22 11:29 . 2012-01-03 19:25 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-02-22 11:29 . 2011-10-15 11:16 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-02-22 11:29 . 2011-10-15 11:16 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-14 22:21 . 2012-05-22 07:24 55008 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-22 07:24 37264 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-10-29 09:30 . 2012-05-21 06:08 12320 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin

+ 2011-10-29 09:30 . 2012-05-22 07:24 12320 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin

- 2009-12-01 10:22 . 2012-05-21 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-01 10:22 . 2012-05-22 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-01 10:22 . 2012-05-22 07:36 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-01 10:22 . 2012-05-21 13:03 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-21 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-22 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-07 13:18 . 2012-05-21 22:51 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-11-07 13:18 . 2012-05-19 22:57 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2010-05-14 22:15 . 2012-05-20 21:55 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2010-05-14 22:15 . 2012-05-21 23:21 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-05-22 06:58 . 2012-05-22 06:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-21 06:06 . 2012-05-21 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-22 06:58 . 2012-05-22 06:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-21 06:06 . 2012-05-21 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-29 14:44 . 2012-05-21 21:03 301860 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-05-22 07:03 616242 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-21 08:37 616242 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-21 08:37 106622 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-05-22 07:03 106622 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-05-20 21:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-21 23:21 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-12-01 10:52 . 2012-05-20 21:55 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-12-01 10:52 . 2012-05-21 23:21 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-10-29 09:25 . 2012-05-21 23:21 2824260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat

+ 2011-11-02 12:20 . 2012-05-21 22:51 26122028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]

"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]

S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x]

S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x]

S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54]

.

2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.254

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-05-22 09:41:39

ComboFix-quarantined-files.txt 2012-05-22 07:41

ComboFix2.txt 2012-05-21 22:34

ComboFix3.txt 2012-05-21 14:14

.

Pre-Run: 375.732.129.792 bytes free

Post-Run: 375.547.117.568 bytes free

.

- - End Of File - - 5166C49A0B25E2818F4FA369A6EFA277


You may remove the PDFCreator shortcut from the desktop. The program itself is gone as well.

Download the Emsisoft Emergency Kit to the desktop and unpack the ZIP file.

  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"
  • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes)
    (screenshot)
  • When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC"
  • Select the "Diep" (Deep) option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer while it scans. This scan can take quite some time, so wait patiently.
  • The window warning about an elevated risk can be closed once the scan is finished.
  • Make sure all found items are checked and then press the "verwijder geselecteerde" (remove selected) button. You will now get the following message, but click "Ja" (Yes) here
    (screenshot)
  • When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
  • Paste the contents of this LOG file in your next reply.
  • Now restart the computer.


Here is the log from the Emsisoft Emergency Kit software.

I am going to restart the computer now.

Kind regards,

TNW

Emsisoft Emergency Kit - Versie 1.0

Last update: 23/05/2012 11:07:35

Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS scan: On

Scan started: 23/05/2012 11:09:28

C:\Qoobox\Quarantine\C\Program Files (x86)\PDFCreator\message.exe.vir Detected: Riskware.Win32.InstallCore.AMN!A2

Scanned
Files: 291283
Traces: 408843
Cookies: 142
Processes: 91

Found
Files: 1
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan ended: 23/05/2012 13:15:41
Scan time: 2:06:13

C:\Qoobox\Quarantine\C\Program Files (x86)\PDFCreator\message.exe.vir Removed Riskware.Win32.InstallCore.AMN!A2

Removed
Files: 1
Traces: 0
Cookies: 0

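The single hit in the report above sits under C:\Qoobox\Quarantine, the folder where ComboFix stores the items it has already removed, so it is a quarantined copy rather than a live file. The following added example (not from this thread and not Emsisoft's own code) parses such an a2scan report, separates hits inside a known quarantine folder from live ones, checks that every detection has a matching removal line, and cross-checks the Found/Removed counters against the event lines. It assumes the line layout shown in the posted report; the embedded sample is transcribed from that report, and the Dutch labels the tool originally printed (Ontdekt:, Verwijderd, Gescand, Gevonden, Bestanden, Sporen, Processen, Registersleutels) are accepted alongside the English ones. The quarantine prefix list is an assumption for ComboFix only; extend it for other tools.

```python
"""Triage an Emsisoft Emergency Kit (a2scan) report.

Added example, not from the forum thread or from Emsisoft. Assumes the
line layout of the posted report: "<path> Detected: <signature>" and
"<path> Removed <signature>" event lines, plus "Scanned"/"Found"/"Removed"
sections made of "<label>: <count>" lines. Dutch labels are accepted too.
"""
import re
from dataclasses import dataclass, field

# ComboFix moves what it removes under C:\Qoobox\Quarantine, so a hit there is
# an already-neutralised copy, not a live infection. Assumed list; extend it
# with other tools' quarantine folders as needed.
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine",)

SECTIONS = {"scanned": "scanned", "gescand": "scanned",
            "found": "found", "gevonden": "found",
            "removed": "removed", "verwijderd": "removed"}
COUNTER_KEYS = {"bestanden": "files", "sporen": "traces", "processen": "processes",
                "registersleutels": "registry_keys", "registry keys": "registry_keys"}
VERDICTS = {"detected:": "detected", "ontdekt:": "detected",
            "removed": "removed", "verwijderd": "removed"}

# "<drive>:\<path, may contain spaces> <verdict word> <signature>"
EVENT_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+(Detected:|Ontdekt:|Removed|Verwijderd)\s+(\S+)\s*$")
# "<label>: <integer>" counter lines inside a Scanned/Found/Removed section
COUNTER_RE = re.compile(r"^([A-Za-z][\w ]*?):\s*(\d+)\s*$")

# Constructed sample: transcribed from the report posted above, blank lines dropped.
SAMPLE_LOG = """Emsisoft Emergency Kit - Version 1.0
Last update: 23/05/2012 11:07:35
Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\\
Scan archives: On
Heuristics: Off
ADS scan: On
Scan started: 23/05/2012 11:09:28
C:\\Qoobox\\Quarantine\\C\\Program Files (x86)\\PDFCreator\\message.exe.vir Detected: Riskware.Win32.InstallCore.AMN!A2
Scanned
Files: 291283
Traces: 408843
Cookies: 142
Processes: 91
Found
Files: 1
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0
Scan ended: 23/05/2012 13:15:41
Scan time: 2:06:13
C:\\Qoobox\\Quarantine\\C\\Program Files (x86)\\PDFCreator\\message.exe.vir Removed Riskware.Win32.InstallCore.AMN!A2
Removed
Files: 1
Traces: 0
Cookies: 0
"""


@dataclass
class Event:
    path: str
    verdict: str      # "detected" or "removed"
    signature: str

    @property
    def in_quarantine(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)


@dataclass
class Report:
    events: list = field(default_factory=list)
    counters: dict = field(default_factory=dict)  # section -> {key: count}

    def detections(self):
        return [e for e in self.events if e.verdict == "detected"]

    def removals(self):
        return [e for e in self.events if e.verdict == "removed"]


def parse_report(text: str) -> Report:
    """Walk the report line by line: event lines, section headers, counters."""
    report, section = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if m:
            path, word, sig = m.groups()
            report.events.append(Event(path, VERDICTS[word.lower()], sig))
            continue
        if line.lower() in SECTIONS:
            section = SECTIONS[line.lower()]
            report.counters.setdefault(section, {})
            continue
        m = COUNTER_RE.match(line)
        if m and section:
            key = m.group(1).strip().lower()
            report.counters[section][COUNTER_KEYS.get(key, key.replace(" ", "_"))] = int(m.group(2))
    return report


def assess(report: Report) -> dict:
    """Separate live hits from quarantined ones and sanity-check the counters."""
    detections = report.detections()
    removed_paths = {e.path.lower() for e in report.removals()}
    found_total = sum(report.counters.get("found", {}).values())
    removed_total = sum(report.counters.get("removed", {}).values())
    return {
        "active_threats": [e for e in detections if not e.in_quarantine],
        "already_quarantined": [e for e in detections if e.in_quarantine],
        "all_removed": all(e.path.lower() in removed_paths for e in detections),
        # the summary counters must agree with the event lines actually listed
        "counts_consistent": (found_total == len(detections)
                              and removed_total == len(report.removals())),
    }


def verdict(report: Report) -> str:
    a = assess(report)
    if a["active_threats"]:
        return f"{len(a['active_threats'])} live detection(s) outside quarantine: treat as infected"
    if a["already_quarantined"]:
        return "only previously quarantined copies were flagged: no live infection in this scan"
    return "nothing detected"


if __name__ == "__main__":
    r = parse_report(SAMPLE_LOG)
    for e in r.detections():
        print(f"{'quarantined' if e.in_quarantine else 'LIVE':11} {e.signature}  {e.path}")
    print(verdict(r))
```

Run against the posted report the script classifies the one hit as a quarantined copy and reports the counters as consistent with the event lines; a mismatch between the Found/Removed totals and the listed events would point at a truncated paste or a report from a different scan.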

Hi, no, apparently we are not done yet. I restarted after my last submitted log and have done nothing further.

The directory C:\Program still exists. It appears to be empty. At startup the computer still gives the error message that I should rename it, because deleting it would stop other programs from starting. I tried to give myself full control as a non-administrator, but it does not accept that. Renaming does not work either; it says it is in use during this action. Deleting will probably not work either, I think, but I have not tried yet.

Besides C:\Program Files and C:\Program Files (x86) there is also a C:\ProgramData directory. In ProgramData there is a directory named C:\ProgramData\Babylon. This one also appears to be empty. Created: 00:39 on 20.05.2012

And from the same time as the fatal download moment on 20-05-12 at 00:50 there is C:\ProgramData\Tarma Installer. This does contain a file folder named C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}. In it I find:

A file folder Cache and 5 further files: setup.dll and setupx.dll, a setup icon, a setup application and a setup.dat file.

The Cache folder and the .dat file are again from the time in question. The rest is from earlier (Feb 2012, creation of the virus or something?).

What do I do next? Thanks in advance,

TNW.

P.S. The shortcut to the PDF creator that was still to be installed further has indeed been deleted from my desktop (done manually).


Repeat this once more in "safe mode" with ComboFix:

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

C:\Program

c:\windows\system32\appmgmt

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will start ComboFix again. Reboot if asked to.

After the restart, post the contents of ComboFix.txt in your next reply.


This topic is now closed to new replies.
