Text enchance...


Gast e.v

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\aohalekt.sys

c:\windows\system32\drivers\fchscbfx.sys

Folder::

c:\programdata\Premium

c:\program files (x86)\Optimizer Pro

c:\programdata\Codecv

c:\programdata\InstallMate

c:\program files (x86)\Yontoo

c:\programdata\Tarma Installer

Registry::

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C9A0C909-06AA-2681-A538-DC5042DB85CD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Optimizer Pro"=-

Driver::

aohalekt

fchscbfx

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-06-03.01 - Kantoor-privé 05-06-2012 7:38:16.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2231 [GMT 2:00]

Gestart vanuit: C:\Users\Kantoor-privé\Desktop\ComboFix.exe

gebruikte Opdracht switches :: C:\Users\Kantoor-privé\Downloads\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\windows\system32\drivers\aohalekt.sys"

"c:\windows\system32\drivers\fchscbfx.sys"

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files (x86)\Optimizer Pro

c:\program files (x86)\Optimizer Pro\English.ini

c:\program files (x86)\Optimizer Pro\file_id.diz

c:\program files (x86)\Optimizer Pro\HomePage.url

c:\program files (x86)\Optimizer Pro\OptimizerPro.chm

c:\program files (x86)\Optimizer Pro\OptimizerPro.exe

c:\program files (x86)\Optimizer Pro\OptProGuard.exe

c:\program files (x86)\Optimizer Pro\OptProLauncher.exe

c:\program files (x86)\Optimizer Pro\OptProReminder.exe

c:\program files (x86)\Optimizer Pro\OptProSchedule.exe

c:\program files (x86)\Optimizer Pro\OptProSmartScan.exe

c:\program files (x86)\Optimizer Pro\OptProStart.exe

c:\program files (x86)\Optimizer Pro\OptProUninstaller.exe

c:\program files (x86)\Optimizer Pro\scan.gif

c:\program files (x86)\Optimizer Pro\sqlite3.dll

c:\program files (x86)\Optimizer Pro\unins000.dat

c:\program files (x86)\Optimizer Pro\unins000.exe

c:\program files (x86)\Yontoo

c:\program files (x86)\Yontoo\YontooIEClient.dll

c:\programdata\Codecv

c:\programdata\Codecv\background.html

c:\programdata\Codecv\bhoclass.dll

c:\programdata\Codecv\content.js

c:\programdata\Codecv\data\content.js

c:\programdata\Codecv\data\jsondb.js

c:\programdata\Codecv\ekpfhboiebcjddegkohpeeleehhbdgig.crx

c:\programdata\Codecv\settings.ini

c:\programdata\Codecv\uninstall.exe

c:\programdata\InstallMate

c:\programdata\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setup.dll

c:\programdata\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setupx.dll

c:\programdata\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\20120516171400.log

c:\programdata\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.dat

c:\programdata\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.exe

c:\programdata\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.ico

c:\programdata\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\TsuDll.dll

c:\programdata\Premium

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

-- Voorgaande Run --

Besmet exemplaar van C:\Windows\SysWow64\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - C:\Windows\ERDNT\cache86\userinit.exe

--------

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_aohalekt

-------\Service_fchscbfx

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-05 to 2012-06-05 ))))))))))))))))))))))))))))))

2012-06-05 06:40:29 . 2012-06-05 06:40:29 -------- d-----w- C:\Users\roel\AppData\Local\temp

2012-06-05 06:40:29 . 2012-06-05 06:40:29 -------- d-----w- C:\Users\Kantoor-privÚ\AppData\Local\temp

2012-06-05 06:40:29 . 2012-06-05 06:40:29 -------- d-----w- C:\Users\Gast\AppData\Local\temp

2012-06-05 06:40:29 . 2012-06-05 06:40:29 -------- d-----w- C:\Users\eline\AppData\Local\temp

2012-06-05 06:40:29 . 2012-06-05 06:40:29 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-06-05 06:40:29 . 2012-06-05 06:40:29 -------- d-----w- C:\Users\Administrator\AppData\Local\temp

2012-06-04 14:48:46 . 2012-05-08 17:02:23 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A304E79C-201A-42ED-9CE0-D7C024DED961}\mpengine.dll

2012-06-03 12:51:01 . 2012-05-08 17:02:23 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-02 13:10:21 . 2012-06-02 13:10:21 -------- d-----w- C:\Users\Kantoor-privé\AppData\Roaming\Malwarebytes

2012-06-02 13:10:05 . 2012-06-02 13:10:05 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-02 13:10:04 . 2012-06-02 13:10:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-02 13:10:04 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-05-26 08:13:05 . 2012-05-26 08:15:06 -------- d-----w- C:\Windows\system32\drivers\NAVx64\1000000.07D

2012-05-26 07:52:13 . 2012-05-26 07:52:13 -------- d-----w- C:\Program Files (x86)\Common Files\Java

2012-05-26 07:51:51 . 2012-05-26 07:51:43 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-05-26 07:51:42 . 2012-05-26 07:51:42 -------- d-----w- C:\Program Files (x86)\Java

2012-05-21 02:57:33 . 2012-05-21 02:57:33 -------- d-----w- C:\Users\Kantoor-privé\AppData\Roaming\Mozilla

2012-05-16 15:24:46 . 2012-05-16 15:24:46 -------- d-----w- C:\Users\Kantoor-privé\AppData\Roaming\Optimizer Pro

2012-05-11 13:57:03 . 2012-05-11 13:57:03 -------- d-----w- C:\Users\Kantoor-privé\AppData\Roaming\AnvSoft

2012-05-10 10:05:26 . 2012-05-10 10:05:26 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-10 02:05:27 . 2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\system32\DWrite.dll

2012-05-10 02:05:27 . 2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-10 02:05:22 . 2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe

2012-05-10 02:05:21 . 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-10 02:05:21 . 2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\system32\win32k.sys

2012-05-10 02:05:20 . 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-10 02:05:07 . 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\system32\drivers\partmgr.sys

2012-05-10 02:05:00 . 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2012-05-10 02:04:58 . 2012-03-31 05:42:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-10 02:04:57 . 2012-03-31 05:40:32 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 02:04:57 . 2012-03-31 05:40:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:04:57 . 2012-03-31 05:40:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-10 02:04:57 . 2012-03-31 04:29:48 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-26 08:13:38 . 2010-08-21 14:35:12 172592 ----a-w- C:\Windows\system32\drivers\SYMEVENT64x86.SYS

2012-05-26 08:13:28 . 2010-08-21 14:35:15 32304 ----a-r- C:\Windows\system32\drivers\SymIMV.sys

2012-05-26 07:51:43 . 2010-10-28 14:24:08 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-10 10:05:26 . 2011-07-21 21:28:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-20 18:44:12 . 2010-10-24 20:25:38 98688 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44:12 . 2009-12-02 13:23:40 203888 ----a-w- C:\Windows\system32\drivers\MpFilter.sys

2012-03-18 12:42:28 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll

2012-03-18 12:42:28 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-03-09 02:04:06 . 2012-03-09 02:04:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2012-03-09 02:04:06 . 2012-03-09 02:04:06 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe

2012-03-09 02:04:06 . 2012-03-09 02:04:06 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2012-03-09 02:04:06 . 2012-03-09 02:04:06 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll

2012-03-09 02:04:06 . 2012-03-09 02:04:06 161792 ----a-w- C:\Windows\SysWow64\msls31.dll

2012-03-09 02:04:06 . 2012-03-09 02:04:06 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll

2012-03-09 02:04:05 . 2012-03-09 02:04:05 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe

2012-03-09 02:04:05 . 2012-03-09 02:04:05 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll

2012-03-09 02:04:05 . 2012-03-09 02:04:05 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx

2012-03-09 02:04:05 . 2012-03-09 02:04:05 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-03-09 02:04:05 . 2012-03-09 02:04:05 367104 ----a-w- C:\Windows\SysWow64\html.iec

2012-03-09 02:04:05 . 2012-03-09 02:04:05 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll

2012-03-09 02:04:05 . 2012-03-09 02:04:05 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-03-09 02:04:05 . 2012-03-09 02:04:05 222208 ----a-w- C:\Windows\system32\msls31.dll

2012-03-09 02:04:05 . 2012-03-09 02:04:05 152064 ----a-w- C:\Windows\SysWow64\wextract.exe

2012-03-09 02:04:05 . 2012-03-09 02:04:05 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe

2012-03-09 02:04:05 . 2012-03-09 02:04:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-03-09 02:04:05 . 2012-03-09 02:04:05 11776 ----a-w- C:\Windows\SysWow64\mshta.exe

2012-03-09 02:04:05 . 2012-03-09 02:04:05 101888 ----a-w- C:\Windows\SysWow64\admparse.dll

2012-03-09 02:04:04 . 2012-03-09 02:04:04 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe

2012-03-09 02:04:04 . 2012-03-09 02:04:04 76800 ----a-w- C:\Windows\system32\tdc.ocx

2012-03-09 02:04:04 . 2012-03-09 02:04:04 49664 ----a-w- C:\Windows\system32\imgutil.dll

2012-03-09 02:04:04 . 2012-03-09 02:04:04 48640 ----a-w- C:\Windows\system32\mshtmler.dll

2012-03-09 02:04:04 . 2012-03-09 02:04:04 448512 ----a-w- C:\Windows\system32\html.iec

2012-03-09 02:04:04 . 2012-03-09 02:04:04 173056 ----a-w- C:\Windows\system32\ieUnatt.exe

2012-03-09 02:04:04 . 2012-03-09 02:04:04 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll

2012-03-09 02:04:04 . 2012-03-09 02:04:04 12288 ----a-w- C:\Windows\system32\mshta.exe

2012-03-09 02:04:04 . 2012-03-09 02:04:04 114176 ----a-w- C:\Windows\system32\admparse.dll

2012-03-09 02:04:04 . 2012-03-09 02:04:04 111616 ----a-w- C:\Windows\system32\iesysprep.dll

2012-03-09 02:04:03 . 2012-03-09 02:04:03 85504 ----a-w- C:\Windows\system32\iesetup.dll

2012-03-09 02:04:03 . 2012-03-09 02:04:03 603648 ----a-w- C:\Windows\system32\vbscript.dll

2012-03-09 02:04:03 . 2012-03-09 02:04:03 30720 ----a-w- C:\Windows\system32\licmgr10.dll

2012-03-09 02:04:03 . 2012-03-09 02:04:03 165888 ----a-w- C:\Windows\system32\iexpress.exe

2012-03-09 02:04:03 . 2012-03-09 02:04:03 160256 ----a-w- C:\Windows\system32\wextract.exe

((((((((((((((((((((((((((((( SnapShot@2012-06-03_12.41.24 )))))))))))))))))))))))))))))))))))))))))

- 2009-07-14 04:54:17 . 2012-05-27 14:08:56 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54:17 . 2012-06-04 14:55:22 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54:17 . 2012-05-27 14:08:56 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54:17 . 2012-06-04 14:55:22 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54:17 . 2012-05-27 14:08:56 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54:17 . 2012-06-04 14:55:22 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-02-23 08:21:10 . 2012-06-04 14:46:30 44734 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10:35 . 2012-06-05 12:56:57 51476 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-08-21 14:32:13 . 2012-06-05 12:56:57 15650 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3443243733-2342495130-868653106-1003_UserData.bin

- 2010-08-21 14:16:10 . 2012-05-30 15:41:06 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-21 14:16:10 . 2012-06-04 20:46:22 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-21 14:16:10 . 2012-05-29 11:48:00 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-08-21 14:16:10 . 2012-06-04 20:46:22 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54:19 . 2012-05-29 11:48:00 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54:19 . 2012-06-04 20:46:22 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-08-21 17:07:04 . 2012-06-03 14:08:46 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-21 17:07:04 . 2012-05-30 15:41:06 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-06-03 12:40:53 . 2012-06-03 12:40:53 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-05 12:55:12 . 2012-06-05 12:55:12 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-05 12:55:12 . 2012-06-05 12:55:12 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-03 12:40:53 . 2012-06-03 12:40:53 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 09:16:31 . 2012-06-04 14:49:18 762700 C:\Windows\system32\perfh013.dat

- 2009-07-14 09:16:31 . 2012-06-03 11:36:04 762700 C:\Windows\system32\perfh013.dat

- 2009-07-14 02:36:59 . 2012-06-03 11:36:04 667810 C:\Windows\system32\perfh009.dat

+ 2009-07-14 02:36:59 . 2012-06-04 14:49:18 667810 C:\Windows\system32\perfh009.dat

+ 2009-07-14 09:16:31 . 2012-06-04 14:49:18 159960 C:\Windows\system32\perfc013.dat

- 2009-07-14 09:16:31 . 2012-06-03 11:36:04 159960 C:\Windows\system32\perfc013.dat

- 2009-07-14 02:36:59 . 2012-06-03 11:36:04 125844 C:\Windows\system32\perfc009.dat

+ 2009-07-14 02:36:59 . 2012-06-04 14:49:18 125844 C:\Windows\system32\perfc009.dat

+ 2012-06-04 18:14:05 . 2012-06-04 18:14:05 237288 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\reliability\Sqm\Manifest\Sqm26.bin

- 2009-07-14 05:01:48 . 2012-06-03 12:39:05 407956 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01:48 . 2012-06-05 12:37:07 407956 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-12-16 02:19:04 . 2012-06-05 12:37:07 6351980 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3443243733-2342495130-868653106-1003-8192.dat

+ 2012-03-18 11:51:16 . 2012-06-05 12:37:08 1121516 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3443243733-2342495130-868653106-1003-12288.dat

- 2012-03-18 11:51:16 . 2012-06-03 12:39:10 1121516 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3443243733-2342495130-868653106-1003-12288.dat

+ 2009-07-14 02:34:08 . 2012-06-05 01:11:34 10747904 C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34:08 . 2012-05-11 01:26:16 10747904 C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2012-06-05 12:35:46 . 2012-06-05 12:35:46 53217792 C:\Windows\Installer\4b10082.msp

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-03-18 11:28:52 1869152 ----a-w- C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-18 11:28:52 1869152]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DriverScanner"="C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-21 10:56:44 338808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-09-08 09:17:42 421888]

"B2C_AGENT"="C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 00:53:14 404568]

"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2012-03-18 11:28:52 982880]

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 08:07:56 843712]

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]

R2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 17:38:04 136176]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 07:16:46 158856]

R3 3wareDrv;3wareDrv;C:\Windows\system32\DRIVERS\3wareDrv.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 10:05:27 257696]

R3 adp3132;adp3132;C:\Windows\system32\DRIVERS\adp3132.sys [x]

R3 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys [x]

R3 arcs_a64;arcs_a64;C:\Windows\system32\DRIVERS\arcs_a64.sys [x]

R3 FTOIIs;FTOIIs;C:\Windows\system32\DRIVERS\FTOIIs.sys [x]

R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 17:38:04 136176]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]

R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\system32\DRIVERS\lgbtpt64.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\system32\DRIVERS\lgbtbs64.sys [x]

R3 LGVMODEM;LGE Virtual Modem;C:\Windows\system32\DRIVERS\lgvmdm64.sys [x]

R3 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys [x]

R3 mv64xx;mv64xx;C:\Windows\system32\DRIVERS\mv64xx.sys [x]

R3 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys [x]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 16:49:56 291696]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [x]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [x]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMEFA64.SYS [x]

S1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\drivers\NAVx64\1008000.029\BHDrvx64.sys [x]

S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1000000.07D\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120602.001\IDSvia64.sys [2012-05-25 13:09:46 488568]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]

S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-12-03 10:53:26 341296]

S2 Norton AntiVirus;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [2012-05-26 08:13:25 115560]

S2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 11:39:27 2002728]

S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 09:43:20 2280312]

S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-18 11:28:53 918880]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-16 04:16:20 138912]

S3 nskbfltr;nskbfltr;C:\Windows\system32\drivers\nskbfltr.sys [x]

S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [x]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMNDISV.SYS [x]

Inhoud van de 'Gedeelde Taken' map

2012-06-05 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 10:05:27 . 2012-05-10 10:05:27]

2012-06-05 C:\Windows\Tasks\DriverScanner.job

- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-04-05 19:03:46 . 2012-03-21 10:56:44]

2012-06-05 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 17:38:11 . 2010-09-07 17:38:04]

2012-06-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 17:38:11 . 2010-09-07 17:38:04]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PtiuPbmd"="ulutil2.dll" [2004-01-30 13:06:48 146432]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 15:27:28 10806816]

"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 09:01:16 319488]

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-03-26 16:54:34 1271168]

"combofix"="C:\ComboFix\CF32417.3XE" [2010-11-20 13:24:33 345088]

------- Bijkomende Scan -------

uLocal Page = C:\Windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = C:\Windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - C:\Users\Kantoor-privé\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.1 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://www.keukencreator.nl/NiVoKeuken/Core/Player/2020PlayerAX_WEB_Win32.cab

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Optimizer Pro - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

WebBrowser-{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Optimizer Pro_is1 - C:\Program Files (x86)\Optimizer Pro\unins000.exe

AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - C:\ProgramData\Codecv\uninstall.exe


Don't forget to clean up the remnants of the infection and the tools used:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix along with its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After this, close CCleaner again.

If you would like to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you might otherwise restore). In Windows 7:

  • via Start -> Control Panel -> System and Security -> System -> System protection -> now turn off System Restore by selecting the desired drive and clicking "Configure".
  • Now click "Delete" to delete all restore points.
  • Click "Apply" and "OK".
  • Now restart the PC.
