
All content posted by jsc

  1. Hello, yesterday I suddenly started receiving a series of viruses via a Yahoo account. Avast blocks them neatly, so no danger to my PC. That Yahoo account is not set up on my iPhone, but at the same time as the viruses arrive on the PC I get a series of emails there in Gmail saying "this message has no sender" and "this message has no content"; as a result, I cannot open those empty emails and therefore cannot delete them either. This is a complete mystery to me. Can anyone shed some light on this?
  2. Hello, for a few days now I keep getting the same pop-up over and over: clicking it away every time, but it always comes back.
  3. Hello kweezie, I followed the instructions precisely, but: those command-line commands gave only error messages. HijackThis: ticked the requested files and "Fix checked" >> no log file. MBAM finds nothing, so an empty log. The HijackThis log seems unchanged?

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 18:37:13, on 29/11/2012
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v9.00 (9.00.8112.16455)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\System32\rundll32.exe
     C:\Program Files\Samsung\AllShare\AllShareAgent.exe
     C:\Program Files\HP\HP Software Update\hpwuschd2.exe
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\Users\admin\AppData\Roaming\ICQM\icq.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\IELowutil.exe
     C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6IJP708\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R3 - URLSearchHook: (no name) - - (no file)
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
     O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
     O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
     O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
     O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
     O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
     O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
     O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKCU\..\Run: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
     O4 - HKCU\..\Run: [icq] C:\Users\admin\AppData\Roaming\ICQM\icq.exe -CU
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
     O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
     O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
     O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
     O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\admin\AppData\Roaming\ICQM\icq.exe (HKCU)
     O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\admin\AppData\Roaming\ICQM\icq.exe (HKCU)
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll
     O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
     O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
     O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
     O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
     O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
     O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
     O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe

     --
     End of file - 7546 bytes
  4. Yesterday: Avast boot scan, nothing found; SAS did find something. Today: toolbar stubbornly persists in Firefox (only Firefox, not IE or Chrome). New SAS: Latest HijackThis:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 13:34:25, on 29/11/2012
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v9.00 (9.00.8112.16455)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\System32\rundll32.exe
     C:\Program Files\Samsung\AllShare\AllShareAgent.exe
     C:\Program Files\HP\HP Software Update\hpwuschd2.exe
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\Users\admin\AppData\Roaming\ICQM\icq.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Windows\System32\mobsync.exe
     C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Users\admin\Downloads\HijackThis (1).exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
     R3 - URLSearchHook: (no name) - - (no file)
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
     O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
     O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
     O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
     O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
     O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
     O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
     O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     O4 - HKLM\..\RunOnce: [Del1780985] cmd.exe /c del "C:\Users\admin\AppData\Local\Temp\0.del"
     O4 - HKCU\..\Run: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
     O4 - HKCU\..\Run: [icq] C:\Users\admin\AppData\Roaming\ICQM\icq.exe -CU
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKCU\..\RunOnce: [Del1780423] cmd.exe /c del "C:\Users\admin\AppData\Local\Temp\0.del"
     O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
     O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
     O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
     O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
     O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\admin\AppData\Roaming\ICQM\icq.exe (HKCU)
     O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\admin\AppData\Roaming\ICQM\icq.exe (HKCU)
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll
     O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
     O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
     O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
     O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
     O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
     O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe

     --
     End of file - 7858 bytes
  5. I will certainly do that, but in the meantime there is a new, serious problem. Emails are being sent from my Gmail account to contacts in my address book (including myself), with links to, among others, hxxp://ssstradezone.com/boxbuild/16andrewdavies/ Turn off for: English hxxp://platinumwebco.com/ambulanceclassroom/52jonathanmartin/ For now, in any case, I am letting a boot-time scan run before going to bed.
  6. That did not go well, so once more, in safe mode:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 10:40:01, on 27/11/2012
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v9.00 (9.00.8112.16455)
     Boot mode: Safe mode with network support

     Running processes:
     C:\Windows\Explorer.EXE
     C:\Windows\system32\ctfmon.exe
     C:\Windows\helppane.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Users\admin\Downloads\HijackThis(1).exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
     O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
     O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
     O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
     O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll
     O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
     O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
     O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
     O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe

     --
     End of file - 3084 bytes
  7. Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 21:56:11, on 26/11/2012
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v9.00 (9.00.8112.16455)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskhost.exe
     C:\Program Files\Samsung\AllShare\AllShareAgent.exe
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
     C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
     C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
     C:\Users\admin\Downloads\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web search
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
     O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
     O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
     O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
     O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O20 - AppInit_DLLs: c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
     O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
     O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
     O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
     O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
     O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe

     --
     End of file - 5809 bytes
  8. How do I get rid of it? (Firefox) Malwarebytes and SUPERAntiSpyware were fruitless.
  9. So that does not work. I checked the Mozy backup on another PC and it is OK, so short pain and reinstall. Does anyone have experience with Windows 8?
  10. Now it is completely done for: after also running CCleaner in safe mode, there are no readable characters anymore. I cannot type anything myself either; I get those same characters. Does anyone have an idea?
  11. Downloading, installing and uninstalling only work in safe mode; some programs simply fail (e.g. the snipping tool).
  12. Unfortunately there are still errors; I will collect the messages and send as many as possible together. For now I am managing with a tablet.
  13. Did the whole procedure again and stumbled here:

      Windows cannot find %windir%\system32\systemproperties.exe make sure you typed the name correctly, and try again

      Below are the available logs:

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 13:14:00, on 16/11/2012
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v9.00 (9.00.8112.16450)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
      C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
      C:\Users\admin\Downloads\HijackThis.exe
      C:\Windows\system32\notepad.exe
      C:\Windows\system32\taskeng.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
      O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
      O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
      O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
      O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe

      --
      End of file - 4288 bytes

      --------------------------------------------------------------------------------------------------
      C:\Windows\System32\drivers\etc\hosts
      --------------------------------------------------------------------------------------------------

      Now restarting, the 5 windows upd
  14. I am fed up with it for now; it looks like I am back to square one. New attempt tomorrow.
  15. I had to uninstall avast (I couldn't stop it)
  16. Haste and hurry ... Here it is, and now I am waiting patiently for Kape's blessing: [ComboFix log]
  17. It looks like everything is in order now. Many thanks to Kape.
  18. avast was disabled beforehand (malware does its job well). ComboFix log below: [ComboFix log]
2010-11-27 16:37:29] 2012-11-13 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000Core.job - C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37:31 . 2010-11-27 16:37:29] 2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000UA.job - C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37:31 . 2010-11-27 16:37:29] ------- Bijkomende Scan ------- uStart Page = hxxp://www.google.com/ TCP: DhcpNameServer = 195.130.131.5 195.130.130.133 FF - ProfilePath - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be - - - - ORPHANS VERWIJDERD - - - - Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Digsby Donates - C:\Program Files\Digsby Donates\Uninst.exe AddRemove-ImgBurn - I:\ImgBurn\uninstall.exe
  19. It is complete, in safe mode indeed. I'll stay in safe mode (not really convenient) until the next step.
  20. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:26:45, on 13/11/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Pierre\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Users\Pierre\Downloads\HijackThis(4).exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe -- End of file - 3324 bytes
Indeed, I had to do it in safe mode again.
  21. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:15:09, on 13/11/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Users\Pierre\Downloads\HijackThis(3).exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C: \PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Freecause Shopping BHO - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files \Digsby Donates\ShoppingBHO.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C: \Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype \Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C: \PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft \BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft \BingBar\BingExt.dll" (file missing) O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" /atRestart O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support \APSDaemon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader \Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin \MobileConnect.exe /silent O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s O4 - HKLM\..\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center \itype.exe" O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center \ipoint.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update \jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 
2\TomTomHOMERunner.exe" -s O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C5FC491E2CAB4BC85E5326FDF3ED6A98] "C:\Users\Pierre \AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office \Office14\ONENOTEM.EXE O4 - Startup: Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup \ISFGuage.exe O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe O4 - Startup: Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup \ISFTimerD.exe O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync \GoogleCalendarSync.exe O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe O4 - Global Startup: Wireless Connection Manager.lnk = ? 
O8 - Extra context menu item: &Verzenden naar OneNote - res://C: \PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C: \PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B- C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer \WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer \WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849- EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C: \Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live \wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live \wlidnsp.dll O11 - Options 
group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files \Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype \SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live \Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files \SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C: \Windows\system32\AEADISRV.EXE O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast \AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast \afwServ.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour \mDNSResponder.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google \Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files \Google\Update\GoogleUpdate.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin \iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome \mozybackup.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater \Updater.exe O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus \Samsung SecretZone\SZAssistSVC.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files \Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe -- End of file - 11382 bytes
Safe mode fixed it. How do I know now whether everything is OK? What if I do a system restore? Can I remove (useless) programs without consequences?
  22. Strange: MBAM found nothing. Do I have to reinstall HijackThis every time? The logs are below:

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download

Databaseversie: v2012.11.13.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Pierre :: PIERRE-PC [administrator]

13/11/2012 10:06:17
mbam-log-2012-11-13 (10-06-17).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 210051
Verstreken tijd: 9 minuut/minuten, 16 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

Fixing does not work: "no internet connection available". Next steps, please.
  23. Here it is:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:07:18, on 12/11/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\MozyHome\mozystat.exe C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla 
Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Pierre\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\Pierre\Downloads\HijackThis(1).exe C:\Windows\system32\notepad.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Freecause Shopping BHO - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files\Digsby Donates\ShoppingBHO.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" /atRestart O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s O4 - HKLM\..\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s 
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C5FC491E2CAB4BC85E5326FDF3ED6A98] "C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O4 - Startup: Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe O4 - Startup: Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe O4 - Global Startup: Wireless Connection Manager.lnk = ? 
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
-- End of file - 12995 bytes
  24. Hello all, I have been here before, but I lost my login and password (it was a long time ago), so I am starting with a clean slate. Here goes: HP Probook 4710 S, Intel Core DUO CPU T6570 2.10 GHz, 32-bit Windows 7 Ultimate. Problem: I use avast internet security and superantispyware, always without problems until a few weeks ago. USB only recognises the mouse, camera and iPhone. No printer, no external HD. Making a backup is impossible. Mozy online backup also gives error messages. Windows updates almost daily, but the PC seems to ignore that. I took the PC to a well-known shop and asked them to save my files and reinstall Windows. When I picked it up I was told "reinstalling not necessary, we removed malware from it, everything is fine". My ass, nothing is fine; apparently they did not manage it either. In desperation I installed and paid for SYSTWEAK; the program does not accept the licence. Now I am at my wits' end. Thanks in advance.