
Close to despair



This is a very strange development. The first log was considerably larger than the new log. Did you fix more items with HijackThis than indicated? Or is this last log not the complete log you have now created in "safe mode"?

It is complete, in safe mode indeed. I'm staying in safe mode (not really convenient) until the next step.

edited by kape

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


Avast had been disabled beforehand (the malware is doing its job well).

ComboFix log below:

ComboFix 12-11-13.03 - Pierre 14/11/2012 8:26:46.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2042.1123 [GMT 1:00]

Gestart vanuit: C:\Users\Pierre\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\system32\drivers\etc\hosts.ics

C:\Windows\system32\muzapp.exe

C:\Windows\system32\roboot.exe

C:\Windows\system32\System32\MASetupCleaner.exe

C:\Windows\system32\System32\muzapp.exe

G:\Autorun.inf


------- Bijkomende Scan -------

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 195.130.131.5 195.130.130.133

FF - ProfilePath - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Digsby Donates - C:\Program Files\Digsby Donates\Uninst.exe

AddRemove-ImgBurn - I:\ImgBurn\uninstall.exe


I've reopened your topic for a moment, because we're not quite there yet ;-)

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\

FF - prefs.js: keyword.URL -

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log made in normal mode.

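An added example in Python (not code from this thread or from ComboFix) that automates what the reply above does by hand: it reads the Firefox lines of a ComboFix "Bijkomende Scan" section, flags URL preferences whose host is not on a trusted list, and emits the matching CFScript stanza. The sample log excerpt, the trusted-host list and the function names are assumptions made for this example.

```python
"""Flag Firefox search/homepage hijacks in a ComboFix log and build the CFScript
reset stanza. Added example; not part of the forum thread or of ComboFix."""
import re

# Constructed excerpt modelled on the "Bijkomende Scan" section in this thread.
SAMPLE_LOG = """\
------- Bijkomende Scan -------
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 195.130.131.5 195.130.130.133
FF - ProfilePath - C:\\Users\\Pierre\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y1pcwg2.default\\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
"""

# Assumed allowlist: hosts a user would normally have as search/homepage targets.
TRUSTED_SUFFIXES = ("google.com", "google.be", "bing.com", "mozilla.org")

# Firefox prefs that carry a URL and are common hijack targets.
URL_PREFS = {"keyword.URL", "browser.startup.homepage", "browser.search.defaulturl"}

PROFILE_RE = re.compile(r"^FF - ProfilePath - (.*)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


def host_of(value):
    """Return the host of a (possibly hxxp-defanged) URL, or None if not a URL."""
    m = re.match(r"^h(?:xx|tt)ps?://([^/:?#]+)", value.strip())
    return m.group(1).lower() if m else None


def parse_ff_section(text):
    """Extract the Firefox profile path and the prefs.js entries from log text."""
    profile = None
    prefs = {}
    for line in text.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1).strip()
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return profile, prefs


def is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def suspicious_prefs(prefs):
    """Names of URL-carrying prefs whose host is missing or not on the allowlist."""
    flagged = []
    for name, value in prefs.items():
        if name not in URL_PREFS:
            continue
        host = host_of(value)
        if host is None or not is_trusted(host):
            flagged.append(name)
    return sorted(flagged)


def build_cfscript(profile, pref_names):
    """Build the Firefox:: stanza; an empty value after ' - ' resets that pref."""
    lines = ["Firefox::", f"FF - ProfilePath - {profile}"]
    lines += [f"FF - prefs.js: {name} -" for name in pref_names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    profile, prefs = parse_ff_section(SAMPLE_LOG)
    flagged = suspicious_prefs(prefs)
    print("flagged prefs:", flagged)
    print(build_cfscript(profile, flagged))
```

Running the block prints the same stanza the reply above gives, which the user then saves as CFScript.txt.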

Haste makes waste ... :embarassed:

Here it is, and I'm now waiting nicely for Kape's blessing:

ComboFix 12-11-14.01 - Pierre 15/11/2012 9:09.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2042.1097 [GMT 1:00]

Gestart vanuit: c:\users\Pierre\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pierre\Desktop\CFScript.txt

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\drivers\etc\hosts.ics

---- Voorgaande Run -------

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\muzapp.exe

c:\windows\system32\roboot.exe

c:\windows\system32\System32\MASetupCleaner.exe

c:\windows\system32\System32\muzapp.exe

G:\Autorun.inf


.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-11-09 08:05 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 TsUsbFlt;TsUsbFlt; [x]

R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]

S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [x]

S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [x]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ LPDSVC

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:18]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 16:37]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 16:37]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000Core.job

- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000UA.job

- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 195.130.131.5 195.130.130.133

FF - ProfilePath - c:\users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-11-15 09:30:25

ComboFix-quarantined-files.txt 2012-11-15 08:30

.

Pre-Run: 134.845.755.392 bytes free

Post-Run: 134.765.879.296 bytes beschikbaar

.

- - End Of File - - A829924434C8197BE99E9C935FF80E21


Strange ... this did not go entirely right. Could you repeat this once more.

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log taken in normal mode.


I had to remove avast (could not stop it).

ComboFix 12-11-14.01 - Pierre 15/11/2012 11:46:08.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2042.860 [GMT 1:00]

Gestart vanuit: c:\users\Pierre\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pierre\Desktop\CFScript.txt

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))

.

.

2012-11-15 10:57 . 2012-11-15 10:59 -------- d-----w- c:\users\Pierre\AppData\Local\temp

2012-11-15 10:57 . 2012-11-15 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-15 10:37 . 2012-11-15 10:37 -------- d-----w- c:\users\Pierre\AppData\Local\ElevatedDiagnostics

2012-11-13 19:13 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-11-13 08:29 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A1A9E52-BBCD-4D16-BE2D-54B09D61D24F}\mpengine.dll

2012-11-08 11:36 . 2012-11-08 11:36 -------- d-----w- c:\program files\Systweak

2012-11-08 11:20 . 2012-11-09 06:59 -------- d-----w- c:\programdata\Systweak

2012-11-08 11:20 . 2012-11-09 07:47 -------- d-----w- c:\program files\Advanced System Protector

2012-11-08 11:19 . 2012-11-09 07:06 -------- d-----w- c:\users\Pierre\AppData\Roaming\Systweak

2012-11-07 15:04 . 2012-11-13 19:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-10-27 18:22 . 2012-10-28 08:23 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe

2012-10-27 18:22 . 2012-10-28 08:23 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe

2012-10-26 12:34 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-10-26 12:34 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-10-26 12:34 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-10-26 12:33 . 2012-10-26 12:33 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-19 04:55 . 2012-10-19 04:55 -------- d-----w- c:\programdata\FileCure

2012-10-19 04:55 . 2012-10-19 04:55 -------- d-----w- c:\program files\ParetoLogic

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-12 14:33 . 2012-10-12 14:33 862664 ----a-w- c:\windows\system32\msvcr110.dll

2012-10-12 14:33 . 2012-10-12 14:33 534480 ----a-w- c:\windows\system32\msvcp110.dll

2012-10-12 14:33 . 2012-10-12 14:33 251864 ----a-w- c:\windows\system32\vccorlib110.dll

2012-10-12 14:33 . 2012-10-12 14:33 44184 ----a-w- c:\windows\system32\drivers\point32.sys

2012-10-12 14:33 . 2012-10-12 14:33 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll

2012-10-10 16:18 . 2012-04-01 10:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-10 16:18 . 2011-05-25 13:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-29 17:54 . 2010-11-26 08:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 20:32 . 2012-09-28 20:32 2122408 ----a-w- c:\windows\system32\coin92.dll

2012-09-24 14:32 . 2012-07-12 08:45 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 14:32 . 2010-12-12 09:03 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-14 18:28 . 2012-10-10 19:03 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-06 16:41 . 2012-09-06 16:41 57344 ----a-r- c:\users\Pierre\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2012-09-06 16:38 . 2012-09-06 16:39 106496 ----a-w- c:\windows\system32\ATL71.DLL

2012-08-31 17:18 . 2012-10-10 19:00 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 17:12 . 2012-10-10 19:00 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 19:00 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-24 16:57 . 2012-10-10 19:03 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 06:59 . 2012-09-22 17:30 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-22 17:30 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-22 17:29 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 17:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 17:30 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-22 17:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-22 17:16 . 2012-09-20 14:53 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 17:16 . 2012-09-20 14:53 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 17:16 . 2012-09-20 14:53 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 17:16 . 2012-09-20 14:53 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 20:12 . 2012-09-26 09:19 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 12:01 . 2011-03-15 07:31 106928 ----a-w- c:\windows\system32\GEARAspi.dll

2012-08-20 17:40 . 2012-10-10 19:02 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 17:40 . 2012-10-10 19:02 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 17:37 . 2012-10-10 19:02 271360 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 17:32 . 2012-10-10 19:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 19:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 19:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe

2012-10-28 08:23 . 2011-03-23 09:59 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2012-09-18 12:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2012-09-18 12:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleChromeAutoLaunch_C5FC491E2CAB4BC85E5326FDF3ED6A98"="c:\users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Users^Pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]

path=c:\users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2012-09-29 17:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-11-09 08:05 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 TsUsbFlt;TsUsbFlt; [x]

R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]

S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [x]

S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [x]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ LPDSVC

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:18]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 16:37]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 16:37]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000Core.job

- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000UA.job

- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 195.130.131.5 195.130.130.133

FF - ProfilePath - c:\users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3760)

c:\program files\MozyHome\mozyshell.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\atieclxx.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\AEADISRV.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conhost.exe

c:\program files\MozyHome\mozybackup.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\MozyHome\mozybackup.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\sdclt.exe

.

**************************************************************************

.

Voltooingstijd: 2012-11-15 12:04:04 - machine werd herstart

ComboFix-quarantined-files.txt 2012-11-15 11:04

ComboFix2.txt 2012-11-15 08:30

.

Pre-Run: 133.448.585.216 bytes free

Post-Run: 133.387.776.000 bytes beschikbaar

.

- - End Of File - - 738A343AE99D4D40A43605031ABCB850

--------------------------------------------------------------------------------------------------------

ComboFix 12-11-13.03 - Pierre 14/11/2012 8:26:46.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2042.1123 [GMT 1:00]

Gestart vanuit: C:\Users\Pierre\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\system32\drivers\etc\hosts.ics

C:\Windows\system32\muzapp.exe

C:\Windows\system32\roboot.exe

C:\Windows\system32\System32\MASetupCleaner.exe

C:\Windows\system32\System32\muzapp.exe

G:\Autorun.inf

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))

2012-11-14 07:39:30 . 2012-11-14 07:39:53 -------- d-----w- C:\Users\Pierre\AppData\Local\temp

2012-11-14 07:39:30 . 2012-11-14 07:39:30 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-11-13 19:13:50 . 2012-08-21 12:01:22 26840 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys

2012-11-13 08:29:04 . 2012-10-12 05:56:01 6918632 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6A1A9E52-BBCD-4D16-BE2D-54B09D61D24F}\mpengine.dll

2012-11-08 11:36:44 . 2012-11-08 11:36:44 -------- d-----w- C:\Program Files\Systweak

2012-11-08 11:20:43 . 2012-11-09 06:59:11 -------- d-----w- C:\ProgramData\Systweak

2012-11-08 11:20:41 . 2012-11-09 07:47:10 -------- d-----w- C:\Program Files\Advanced System Protector

2012-11-08 11:19:01 . 2012-11-09 07:06:19 -------- d-----w- C:\Users\Pierre\AppData\Roaming\Systweak

2012-11-07 15:04:52 . 2012-11-13 19:13:46 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-11-01 09:08:37 . 2012-11-13 17:07:30 -------- d-----w- C:\Users\Pierre\AppData\Local\ElevatedDiagnostics

2012-10-28 08:05:53 . 2012-10-30 22:51:58 361032 ----a-w- C:\Windows\system32\drivers\aswSP.sys

2012-10-28 08:05:53 . 2012-10-30 22:51:56 21256 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys

2012-10-28 08:05:38 . 2012-10-30 22:51:56 106560 ----a-w- C:\Windows\system32\drivers\aswFW.sys

2012-10-28 08:04:59 . 2012-10-30 22:51:58 199320 ----a-w- C:\Windows\system32\drivers\aswNdis2.sys

2012-10-28 08:04:58 . 2012-10-30 22:51:58 54232 ----a-w- C:\Windows\system32\drivers\aswTdi.sys

2012-10-28 08:04:58 . 2012-10-15 17:59:28 44784 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys

2012-10-28 08:04:57 . 2012-10-30 22:51:56 20624 ----a-w- C:\Windows\system32\drivers\aswKbd.sys

2012-10-28 08:04:55 . 2012-10-30 22:51:58 738504 ----a-w- C:\Windows\system32\drivers\aswSnx.sys

2012-10-28 08:04:54 . 2012-10-30 22:51:57 58680 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys

2012-10-28 08:04:17 . 2012-09-21 10:26:08 12112 ----a-w- C:\Windows\system32\drivers\aswNdis.sys

2012-10-28 08:04:16 . 2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr

2012-10-28 08:04:16 . 2012-10-30 22:50:59 227648 ----a-w- C:\Windows\system32\aswBoot.exe

2012-10-27 18:22:13 . 2012-10-28 08:23:11 96224 ----a-w- C:\Program Files\Mozilla Firefox\webapprt-stub.exe

2012-10-27 18:22:13 . 2012-10-28 08:23:11 157272 ----a-w- C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe

2012-10-26 12:34:11 . 2012-07-26 03:39:21 526952 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys

2012-10-26 12:34:11 . 2012-07-26 03:39:21 47720 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys

2012-10-26 12:34:11 . 2012-07-26 02:46:47 9728 ----a-w- C:\Windows\system32\Wdfres.dll

2012-10-26 12:33:24 . 2012-10-26 12:33:30 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center

2012-10-25 02:12:26 . 2012-10-25 02:12:26 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx

2012-10-25 02:12:26 . 2012-10-25 02:12:26 69632 ----a-w- C:\Windows\system32\QuickTime.qts

2012-10-19 04:55:27 . 2012-10-19 04:55:27 -------- d-----w- C:\ProgramData\FileCure

2012-10-19 04:55:26 . 2012-10-19 04:55:26 -------- d-----w- C:\Program Files\ParetoLogic

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-10-12 14:33:52 . 2012-10-12 14:33:52 862664 ----a-w- C:\Windows\system32\msvcr110.dll

2012-10-12 14:33:52 . 2012-10-12 14:33:52 534480 ----a-w- C:\Windows\system32\msvcp110.dll

2012-10-12 14:33:52 . 2012-10-12 14:33:52 251864 ----a-w- C:\Windows\system32\vccorlib110.dll

2012-10-12 14:33:50 . 2012-10-12 14:33:50 44184 ----a-w- C:\Windows\system32\drivers\point32.sys

2012-10-12 14:33:50 . 2012-10-12 14:33:50 1629040 ----a-w- C:\Windows\system32\WdfCoInstaller01011.dll

2012-10-10 16:18:27 . 2012-04-01 10:11:20 696760 ----a-w- C:\Windows\system32\FlashPlayerApp.exe

2012-10-10 16:18:27 . 2011-05-25 13:37:13 73656 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

2012-09-29 17:54:26 . 2010-11-26 08:04:35 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-09-28 20:32:08 . 2012-09-28 20:32:08 2122408 ----a-w- C:\Windows\system32\coin92.dll

2012-09-24 14:32:24 . 2012-07-12 08:45:11 477168 ----a-w- C:\Windows\system32\npdeployJava1.dll

2012-09-24 14:32:20 . 2010-12-12 09:03:29 473072 ----a-w- C:\Windows\system32\deployJava1.dll

2012-09-14 18:28:53 . 2012-10-10 19:03:21 2048 ----a-w- C:\Windows\system32\tzres.dll

2012-09-06 16:41:21 . 2012-09-06 16:41:21 57344 ----a-r- C:\Users\Pierre\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2012-09-06 16:38:45 . 2012-09-06 16:39:08 106496 ----a-w- C:\Windows\system32\ATL71.DLL

2012-08-31 17:18:09 . 2012-10-10 19:00:43 1211760 ----a-w- C:\Windows\system32\drivers\ntfs.sys

2012-08-30 17:12:02 . 2012-10-10 19:00:26 3914096 ----a-w- C:\Windows\system32\ntoskrnl.exe

2012-08-30 17:12:02 . 2012-10-10 19:00:24 3968880 ----a-w- C:\Windows\system32\ntkrnlpa.exe

2012-08-24 16:57:48 . 2012-10-10 19:03:33 172544 ----a-w- C:\Windows\system32\wintrust.dll

2012-08-24 06:59:17 . 2012-09-22 17:30:00 1800704 ----a-w- C:\Windows\system32\jscript9.dll

2012-08-24 06:51:27 . 2012-09-22 17:30:01 1129472 ----a-w- C:\Windows\system32\wininet.dll

2012-08-24 06:51:02 . 2012-09-22 17:29:57 1427968 ----a-w- C:\Windows\system32\inetcpl.cpl

2012-08-24 06:47:26 . 2012-09-22 17:30:03 142848 ----a-w- C:\Windows\system32\ieUnatt.exe

2012-08-24 06:47:12 . 2012-09-22 17:30:05 420864 ----a-w- C:\Windows\system32\vbscript.dll

2012-08-24 06:43:58 . 2012-09-22 17:30:05 2382848 ----a-w- C:\Windows\system32\mshtml.tlb

2012-08-22 17:16:54 . 2012-09-20 14:53:23 1292144 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2012-08-22 17:16:46 . 2012-09-20 14:53:32 712048 ----a-w- C:\Windows\system32\drivers\ndis.sys

2012-08-22 17:16:46 . 2012-09-20 14:53:23 240496 ----a-w- C:\Windows\system32\drivers\netio.sys

2012-08-22 17:16:36 . 2012-09-20 14:53:22 187760 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 20:12:27 . 2012-09-26 09:19:06 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe

2012-08-21 12:01:22 . 2011-03-15 07:31:36 106928 ----a-w- C:\Windows\system32\GEARAspi.dll

2012-08-20 17:40:31 . 2012-10-10 19:02:28 169984 ----a-w- C:\Windows\system32\winsrv.dll

2012-08-20 17:40:01 . 2012-10-10 19:02:29 293376 ----a-w- C:\Windows\system32\KernelBase.dll

2012-08-20 17:37:58 . 2012-10-10 19:02:28 271360 ----a-w- C:\Windows\system32\conhost.exe

2012-08-20 17:32:13 . 2012-10-10 19:02:24 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:24 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:22 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:22 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:22 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 17:32:13 . 2012-10-10 19:02:14 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 17:32:12 . 2012-10-10 19:02:14 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 15:33:28 . 2012-10-10 19:02:17 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 . 2012-10-10 19:02:16 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 . 2012-10-10 19:02:16 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 . 2012-10-10 19:02:16 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2007-03-12 16:59:00 . 2007-03-12 16:59:00 299008 ----a-w- C:\Program Files\navigram_register.exe

2012-10-28 08:23:15 . 2011-03-23 09:59:42 261600 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50:38 121528 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2012-09-18 12:51:52 4756880 ----a-w- C:\Program Files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2012-09-18 12:51:52 4756880 ----a-w- C:\Program Files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-09-09 22:30:34 421776]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKLM\~\startupfolder\C:^Users^Pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]

path=C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

backup=C:\Windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-09 22:30:34 421776 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2012-09-29 17:54:26 981656 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 02:12:14 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-11-09 08:05:45 4763008 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x]

R3 A38CCID;CCID USB Smart Card Reader;C:\Windows\system32\DRIVERS\a38ccid.sys [x]

R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\netw5v32.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]

R3 TsUsbFlt;TsUsbFlt; [x]

R4 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [x]

R4 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SAS***IL;SAS***IL;C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS [x]

S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]

S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [x]

S2 SZASSIST;SecretZone Assist Service;C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]

S3 mdf16;mdf16;C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys [x]

S3 mvd22;mvd22;C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys [x]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;C:\Windows\system32\DRIVERS\NETw5s32.sys [x]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ LPDSVC

Inhoud van de 'Gedeelde Taken' map

2012-11-14 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:11:20 . 2012-10-10 16:18:27]

2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-28 17:39:31 . 2010-11-27 16:37:29]

2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-28 17:39:31 . 2010-11-27 16:37:29]

2012-11-13 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000Core.job

- C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37:31 . 2010-11-27 16:37:29]

2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000UA.job

- C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37:31 . 2010-11-27 16:37:29]

------- Bijkomende Scan -------

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 195.130.131.5 195.130.130.133

FF - ProfilePath - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Digsby Donates - C:\Program Files\Digsby Donates\Uninst.exe

AddRemove-ImgBurn - I:\ImgBurn\uninstall.exe


OK, now we're all the way through. With the problems out of the way, it's time for the "big clean-up": removing the programs we used, a cleaning, and deleting the infected restore points.

Remove ComboFix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall (with a space before the /).

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will start automatically and free of charge.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

If you want to see this in detail, click here for the guide.

It is advisable to delete the existing restore points (among them are infected restore points that you could potentially restore). In Windows 7

  • via Start -> Control Panel -> System & Security -> System -> System Protection -> now switch off System Restore by selecting the desired drive and clicking "Configure".
  • Now click "Delete" to delete all restore points.
  • Click "Apply" and "OK".
  • Now go back to "System Protection" and immediately create a new restore point, so you don't have to wait for an automatic restore point from the system.
  • Choose "Create". Give the restore point a name of your own and click "Create".
  • Now restart the PC.

If all of this went without problems, you may click "mark as solved" below!

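The scriptable part of the clean-up procedure above (ComboFix uninstall, Qoobox removal, deleting and recreating restore points), as an added example that is not from the forum post. It assumes Windows 7, an elevated PowerShell prompt, ComboFix.exe still on the Desktop (where the earlier post said to save it) and C: as the system drive; the restore-point name is a constructed value.

```powershell
# Added example (not from the forum post): the scriptable steps of the
# "big clean-up" for Windows 7. Run from an elevated PowerShell prompt.
# Assumptions: ComboFix.exe is on the Desktop and the system drive is C:.
$ComboFix  = Join-Path $env:USERPROFILE "Desktop\ComboFix.exe"
$Volume    = "C:"
$Drive     = "$Volume\"
$PointName = "Clean restore point after malware removal"   # constructed name

# 1. ComboFix /Uninstall (the same switch the post types into Run),
#    waiting until it has finished before going on.
if (Test-Path $ComboFix) {
    Start-Process -FilePath $ComboFix -ArgumentList "/Uninstall" -Wait
}

# 2. Remove the Qoobox quarantine folder if it is still present.
if (Test-Path "C:\Qoobox") {
    Remove-Item -Path "C:\Qoobox" -Recurse -Force
}

# 3. Show the existing restore points before they are deleted.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize

# 4. Switch System Protection off for the drive (the GUI "Configure" step),
#    then delete the shadow copies that hold the restore points (the GUI
#    "Delete" button). /quiet suppresses the confirmation prompt.
Disable-ComputerRestore -Drive $Drive
vssadmin delete shadows /for=$Volume /all /quiet

# 5. Switch it back on and create a fresh restore point straight away.
Enable-ComputerRestore -Drive $Drive
Checkpoint-Computer -Description $PointName -RestorePointType "MODIFY_SETTINGS"

# 6. Verify: only the new point should be listed now.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize

# 7. Restart, as the post's last step (asks for confirmation first).
Restart-Computer -Confirm
```

The CCleaner steps remain a GUI procedure as the post describes them; this script only covers the parts that have a documented command-line equivalent.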