Babylon search redirect virus cannot be removed from Internet Explorer bar


Hi, I'm working on it.

First ComboFix reported that it still saw virus scanners active. I tried to turn these off in safe mode. That did not work. I switched the computer off with the button, then started in normal mode and turned the virus scanners off. I restarted in safe mode and tried to start ComboFix by dragging the file onto ComboFix again. ComboFix now said that I could stop (no) or continue with a reduced-functionality version. I chose yes for the latter. It then showed some commands in a DOS window with green letters, and then nothing happened and the ComboFix icon had disappeared from my desktop. No processes or applications running in the background, so that is strange, and no output file. I restarted in normal mode and downloaded ComboFix again via the link. I will now try it again in safe mode... to be continued. You'll hear from me...


Hi again, here is the follow-up.

The error message about the directory c:\program no longer appears when I start up. So that seems to have worked.

However, c:\programdata-babylon and c:\programdata\TarmaInstaller still exist, as reported earlier. The first directory is empty; the second still has a folder with a series of letters as its name, containing a number of setup files and an application. See earlier message. Do we still need to do anything about that?

Here is the ComboFix log:

ComboFix 12-06-02.02 - BvdGroen 02-06-2012 15:19:24.4.4 - x64 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2685 [GMT 2:00]

Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\BvdGroen\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Program

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-02 to 2012-06-02 ))))))))))))))))))))))))))))))

.

.

2012-06-02 13:23 . 2012-06-02 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-01 09:12 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80AF5A79-AA87-44E2-BAB6-729214F3C03C}\mpengine.dll

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\programdata\Malwarebytes

2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner

2012-05-19 22:39 . 2012-05-19 22:50 -------- d-----w- c:\programdata\Tarma Installer

2012-05-19 22:39 . 2012-05-19 22:39 -------- d-----w- c:\programdata\Babylon

2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt

2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-14 22:21 . 2012-06-02 13:00 55838 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-02 13:00 37328 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-10-29 09:30 . 2012-06-02 13:00 12506 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin

- 2009-12-01 10:22 . 2012-05-21 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-01 10:22 . 2012-06-02 13:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-01 10:22 . 2012-05-21 13:03 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-01 10:22 . 2012-06-02 13:05 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-02 13:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-21 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-07 13:18 . 2012-05-21 22:51 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-11-07 13:18 . 2012-05-19 22:57 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-06-01 09:08 . 2012-06-01 09:08 9560 c:\windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_48.bin

+ 2012-06-01 09:08 . 2012-06-01 09:08 4280 c:\windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_32.bin

+ 2012-06-01 09:08 . 2012-06-01 09:08 2456 c:\windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_24.bin

- 2010-05-14 22:15 . 2012-05-20 21:55 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2010-05-14 22:15 . 2012-06-02 13:14 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-06-02 13:16 . 2012-06-02 13:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-21 06:06 . 2012-05-21 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-02 13:16 . 2012-06-02 13:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-21 06:06 . 2012-05-21 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-29 14:44 . 2012-06-02 11:40 303472 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-05-21 08:37 616242 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-02 13:04 616242 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-02 13:04 106622 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-21 08:37 106622 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-06-02 13:14 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-05-20 21:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-06-01 09:14 . 2012-06-01 09:14 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe

- 2009-12-01 10:36 . 2009-12-01 10:36 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe

+ 2009-12-01 10:52 . 2012-06-02 13:14 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-12-01 10:52 . 2012-05-20 21:55 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-10-29 09:25 . 2012-06-02 13:14 5781092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat

+ 2011-11-02 12:20 . 2012-05-21 22:51 26122028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]

"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

R2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]

R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]

R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]

R2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x]

R3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x]

R3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]

R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54]

.

2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31]

.

2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.156.0.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-06-02 15:26:03

ComboFix-quarantined-files.txt 2012-06-02 13:26

ComboFix2.txt 2012-05-22 07:41

ComboFix3.txt 2012-05-21 22:34

ComboFix4.txt 2012-05-21 14:14

.

Pre-Run: 374.371.053.568 bytes free

Post-Run: 374.336.999.424 bytes free

.

- - End Of File - - AF8F5CDEDBA5FC6139585D5A8B378376


Both of these folders in bold:

c:\programdata\Tarma Installer

c:\programdata\Babylon

can be deleted without any problem. After that you can clean up ComboFix:

Remove ComboFix: Start -> Run/Search box and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.


Hi, I have deleted the indicated folders.

I did not fully understand your instruction for removing ComboFix. I thought I first had to start ComboFix (as administrator, with all virus scanners turned off again). I did that and then wanted to paste your text, but it was of course already running. I let it run to completion. For safety, here is the log file, in case I have now done something wrong by creating a new system restore point. The offending files are all still gone, so that has stayed good.

Should I use the Windows icon at the bottom left of my toolbar to open a window where it can search for folders and files (with the magnifying glass icon) and then type in the ComboFix uninstall text as indicated? (It is indeed not listed under uninstall programs within the Windows environment, so it doesn't work that way.)

I'd like to hear from you! TNW.

ComboFix 12-06-02.02 - BvdGroen 03-06-2012 13:19:27.5.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2549 [GMT 2:00]

Gestart vanuit: C:\Users\BvdGroen\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-03 to 2012-06-03 ))))))))))))))))))))))))))))))

2012-06-03 12:01:33 . 2012-06-03 12:01:33 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-05-20 13:28:56 . 2012-05-20 13:28:56 -------- d-----w- C:\Users\BvdGroen\AppData\Roaming\Malwarebytes

2012-05-20 13:28:44 . 2012-05-20 13:28:44 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-20 13:28:43 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-05-20 13:28:42 . 2012-05-20 13:28:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-20 13:07:00 . 2012-05-20 13:07:00 388096 ----a-r- C:\Users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-20 13:06:58 . 2012-05-20 13:06:58 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-05-20 12:41:39 . 2012-05-20 12:56:41 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2012-05-20 11:44:40 . 2012-05-20 11:44:46 -------- d-----w- C:\Program Files\CCleaner

2012-05-19 22:35:08 . 2012-05-19 22:35:08 -------- d-----w- C:\Windows\system32\appmgmt

2012-05-11 07:26:24 . 2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\system32\DWrite.dll

2012-05-11 07:26:23 . 2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-11 07:26:20 . 2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe

2012-05-11 07:26:19 . 2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\system32\win32k.sys

2012-05-11 07:26:18 . 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-11 07:26:17 . 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-11 07:25:42 . 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\system32\drivers\partmgr.sys

2012-05-11 07:25:26 . 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2012-05-11 07:25:22 . 2012-03-31 05:42:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-11 07:25:22 . 2012-03-31 05:40:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25:21 . 2012-03-31 05:40:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-11 07:25:21 . 2012-03-31 04:29:48 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25:20 . 2012-03-31 05:40:32 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-06 18:54:23 . 2012-04-04 07:01:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-06 18:54:23 . 2011-11-07 13:09:35 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 18:54:13 . 2012-04-15 20:54:16 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-03-20 11:11:30 . 2012-01-03 19:10:37 162192 ----a-w- C:\Windows\system32\mfevtps.exe

((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.54.00 )))))))))))))))))))))))))))))))))))))))))

+ 2010-05-14 22:21:04 . 2012-06-03 09:20:55 55862 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10:35 . 2012-06-03 09:20:54 37360 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-10-29 09:30:05 . 2012-06-03 09:20:54 12784 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin

+ 2009-12-01 10:22:08 . 2012-06-03 09:47:12 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-01 10:22:08 . 2012-05-21 13:03:57 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-01 10:22:07 . 2012-06-03 09:47:12 49152 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-01 10:22:07 . 2012-05-21 13:03:57 49152 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54:19 . 2012-06-03 09:47:12 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54:19 . 2012-05-21 13:03:57 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-03 08:45:08 . 2012-01-03 08:45:08 16832 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\ViewerPS.dll

+ 2012-01-03 21:51:18 . 2012-01-03 21:51:18 37296 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\reader_sl.exe

+ 2012-01-03 08:44:22 . 2012-01-03 08:44:22 79280 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\PDFPrevHndlr.dll

+ 2012-01-03 21:15:18 . 2012-01-03 21:15:18 99776 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\eula.exe

+ 2012-01-03 20:52:40 . 2012-01-03 20:52:40 27048 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrotextextractor.exe

+ 2012-01-03 07:19:16 . 2012-01-03 07:19:16 16824 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32Info.exe

+ 2012-01-03 07:16:32 . 2012-01-03 07:16:32 75200 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acroiehelpershim.dll

+ 2012-01-03 07:16:38 . 2012-01-03 07:16:38 61888 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroIEHelper.dll

- 2011-11-07 13:18:25 . 2012-05-19 22:57:54 5856 C:\Windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-11-07 13:18:25 . 2012-05-21 22:51:04 5856 C:\Windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-06-01 09:08:48 . 2012-06-01 09:08:48 9560 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_48.bin

+ 2012-06-01 09:08:48 . 2012-06-01 09:08:48 4280 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_32.bin

+ 2012-06-01 09:08:48 . 2012-06-01 09:08:48 2456 C:\Windows\system32\NetworkList\Icons\{8F3E0F27-96DC-481E-83F4-267FB4E9A85C}_24.bin

+ 2010-05-14 22:15:07 . 2012-06-02 13:48:40 1902 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2010-05-14 22:15:07 . 2012-05-20 21:55:01 1902 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-05-21 06:06:31 . 2012-05-21 06:06:31 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-03 09:18:48 . 2012-06-03 09:18:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-03 09:18:48 . 2012-06-03 09:18:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-21 06:06:31 . 2012-05-21 06:06:31 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-29 14:44:46 . 2012-06-03 10:47:37 303528 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36:59 . 2012-06-03 09:22:51 616242 C:\Windows\system32\perfh009.dat

- 2009-07-14 02:36:59 . 2012-05-21 08:37:58 616242 C:\Windows\system32\perfh009.dat

+ 2009-07-14 02:36:59 . 2012-06-03 09:22:51 106622 C:\Windows\system32\perfc009.dat

- 2009-07-14 02:36:59 . 2012-05-21 08:37:58 106622 C:\Windows\system32\perfc009.dat

- 2009-07-14 05:01:48 . 2012-05-20 21:55:00 389832 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01:48 . 2012-06-02 13:48:40 389832 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-06-01 09:14:28 . 2012-06-01 09:14:28 371272 C:\Windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe

- 2009-12-01 10:36:32 . 2009-12-01 10:36:32 371272 C:\Windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe

+ 2012-01-03 07:23:56 . 2012-01-03 07:23:56 378264 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\pdfshell.dll

+ 2012-01-03 07:22:02 . 2012-01-03 07:22:02 103864 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\nppdf32.dll

+ 2012-01-03 08:43:50 . 2012-01-03 08:43:50 550360 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AdobeCollabSync.exe

+ 2012-01-03 07:40:46 . 2012-01-03 07:40:46 120240 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRdIF.dll

+ 2012-01-03 21:50:30 . 2012-01-03 21:50:30 357808 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.exe

+ 2012-01-03 07:16:48 . 2012-01-03 07:16:48 665008 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroPDF.dll

+ 2012-01-03 08:38:04 . 2012-01-03 08:38:04 280024 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrobroker.exe

+ 2012-01-03 08:08:10 . 2012-01-03 08:08:10 251296 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\a3dutility.exe

+ 2009-12-01 10:52:02 . 2012-06-02 13:48:40 1329752 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-12-01 10:52:02 . 2012-05-20 21:55:17 1329752 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-10-29 09:25:13 . 2012-06-02 13:48:40 5781092 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat

+ 2012-03-27 15:47:55 . 2012-03-27 15:47:55 4959232 C:\Windows\Installer\2499f.msp

+ 2012-01-03 07:18:24 . 2012-01-03 07:18:24 2405784 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\rt3d.dll

+ 2011-11-17 15:50:50 . 2011-11-17 15:50:50 6543872 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\authplay.dll

+ 2011-11-02 12:20:16 . 2012-05-21 22:51:05 26122028 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-4096.dat

+ 2012-01-03 21:15:12 . 2012-01-03 21:15:12 20559288 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.dll

-- Snapshot teruggezet naar huidige datum --

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 22:25:22 284696]

"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 13:40:22 316784]

"NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 17:22:44 538472]

"MarketingTools"="C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 10:41:29 26624]

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2012-03-21 19:18:44 1675160]

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 09:07:56 843712]

"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 13:56:38 462408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli C:\Program Files\Protector Suite\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

R2 0087241338716831mcinstcleanup;McAfee Application Installer Cleanup (0087241338716831);C:\Windows\TEMP\008724~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]

R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:24 135664]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 04:49:14 362992]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 18:54:25 257696]

R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:24 135664]

R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 04:49:04 313840]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 22:25:24 13336]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 13:56:40 654408]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 17:28:20 249936]

S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 10:56:24 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [x]

S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 11:24:38 330488]

S2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 04:36:18 259192]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 20:52:04 2320920]

S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 06:46:06 845312]

S2 WTGService;WTGService;C:\Program Files (x86)\OneClickInternet\WTGService.exe [2010-03-15 16:53:18 316880]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x]

S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys [x]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys [x]

S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);C:\Windows\system32\DRIVERS\qcfilterSny2k.sys [x]

S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys [x]

S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);C:\Windows\system32\DRIVERS\qcusbserSny2k.sys [x]

S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [x]

S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 15:10:10 574320]

S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-02-14 12:23:50 44736]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 08:55:10 1256040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mfeavfk01

Inhoud van de 'Gedeelde Taken' map

2012-06-03 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:01:05 . 2012-05-06 18:54:25]

2012-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:25 . 2009-12-01 10:31:24]

2012-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31:25 . 2009-12-01 10:31:24]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-03-08 20:05:40 166424]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-03-08 20:04:28 391192]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-03-08 20:05:23 410648]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2010-02-22 19:51:00 16397416]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 09:43:18 9650720]

"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PSQLLauncher"="C:\Program Files\Protector Suite\launcher.exe" [2009-10-29 16:28:50 84744]

------- Bijkomende Scan -------

uLocal Page = C:\Windows\system32\blank.htm

uStart Page = https://www.google.nl/

mLocal Page = C:\Windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.156.0.1


2009-10-29 19:08:36 5948168 ----a-w- C:\Program Files\Protector Suite\farchns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-03-08 20:05:40 166424]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-03-08 20:04:28 391192]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-03-08 20:05:23 410648]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2010-02-22 19:51:00 16397416]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 09:43:18 9650720]

"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PSQLLauncher"="C:\Program Files\Protector Suite\launcher.exe" [2009-10-29 16:28:50 84744]

------- Bijkomende Scan -------

uLocal Page = C:\Windows\system32\blank.htm

uStart Page = https://www.google.nl/

mLocal Page = C:\Windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.156.0.1


Hi, I don't know what I did wrong. Maybe with the last ComboFix run, a wrong restore point, but every now and then it still picks up a Babylon search again when I type something directly into the search bar. Should I delete ComboFix after all?

Babylon is not gone! Help.... darn it. TNW


Here is the hijack log,

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:54:37, on 5-6-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120430232735.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll

O23 - Service: McAfee Application Installer Cleanup (0087241338716831) (0087241338716831mcinstcleanup) - Unknown owner - C:\Windows\TEMP\008724~1.EXE (file missing)

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Qualcomm Gobi 2000 Download Service (Sony) (QDLService2kSony) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: WTGService - Unknown owner - C:\Program Files (x86)\OneClickInternet\WTGService.exe

--

End of file - 12889 bytes


Nothing to remark on in this log.

Do you dare to use ComboFix once more?

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.
