Posts by jsc
-
Hello kweezie,
I followed the instructions carefully, but:
- the command-line commands only gave error messages
- HijackThis: ticked the requested files and clicked Fix checked >> no logfile
- MBAM finds nothing, so an empty log
- the HijackThis log seems unchanged?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:13, on 29/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\admin\AppData\Roaming\ICQM\icq.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6IJP708\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [icq] C:\Users\admin\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\admin\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\admin\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
--
End of file - 7546 bytes
- the command-line commands only gave error messages
-
Yesterday: avast boot scan, nothing found; SAS did find something
Today: toolbar stubbornly persists in Firefox (only Firefox, not IE or Chrome)
New SAS:
Latest HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:34:25, on 29/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\admin\AppData\Roaming\ICQM\icq.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\admin\Downloads\HijackThis (1).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Del1780985] cmd.exe /c del "C:\Users\admin\AppData\Local\Temp\0.del"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [icq] C:\Users\admin\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Del1780423] cmd.exe /c del "C:\Users\admin\AppData\Local\Temp\0.del"
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\admin\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\admin\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
--
End of file - 7858 bytes
-
I will certainly do that, but in the meantime there is a new, serious problem. Emails are being sent from my Gmail account to contacts in my address book (including myself), with links to, among others, hxxp://ssstradezone.com/boxbuild/16andrewdavies/ and hxxp://platinumwebco.com/ambulanceclassroom/52jonathanmartin/. In any case, I will now let a boot-time scan run before going to bed.
-
That did not go well, so once more in safe mode:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:01, on 27/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\admin\Downloads\HijackThis(1).exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
--
End of file - 3084 bytes
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:56:11, on 26/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Users\admin\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
--
End of file - 5809 bytes
-
How do I get rid of it? (Firefox)
Malwarebytes and SUPERAntiSpyware were fruitless
-
See you later.
-
So that does not work. I checked the Mozy backup on another PC and it is OK, so I will get it over with quickly and reinstall.
Does anyone have experience with Windows 8?
-
Now it is completely done for: after also running CCleaner in safe mode, there are no readable characters anymore; I cannot type anything myself either, I get those characters too.
Does anyone have an idea?
-
Downloading, installing and uninstalling only work in safe mode; some programs simply fail (e.g. the Snipping Tool)
-
Unfortunately still errors; I will collect the messages and send as many as possible together.
For now I am managing with a tablet
-
Did the whole procedure again and stumbled here:
Windows cannot find %windir%\system32\systemproperties.exe
make sure you typed the name correctly, and try again
Below are the available logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:14:00, on 16/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\admin\Downloads\HijackThis.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
--
End of file - 4288 bytes
--------------------------------------------------------------------------------------------------
C:\Windows\System32\drivers\etc\hosts
--------------------------------------------------------------------------------------------------
Now restarting, the 5 windows upd
-
I am fed up with it for now; it looks like being back to square one. New attempt tomorrow
-
I had to uninstall avast (could not stop it)
ComboFix 12-11-14.01 - Pierre 15/11/2012 11:46:08.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2042.860 [GMT 1:00]
Gestart vanuit: c:\users\Pierre\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Pierre\Desktop\CFScript.txt
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))
.
.
2012-11-15 10:57 . 2012-11-15 10:59 -------- d-----w- c:\users\Pierre\AppData\Local\temp
2012-11-15 10:57 . 2012-11-15 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 10:37 . 2012-11-15 10:37 -------- d-----w- c:\users\Pierre\AppData\Local\ElevatedDiagnostics
2012-11-13 19:13 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-13 08:29 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A1A9E52-BBCD-4D16-BE2D-54B09D61D24F}\mpengine.dll
2012-11-08 11:36 . 2012-11-08 11:36 -------- d-----w- c:\program files\Systweak
2012-11-08 11:20 . 2012-11-09 06:59 -------- d-----w- c:\programdata\Systweak
2012-11-08 11:20 . 2012-11-09 07:47 -------- d-----w- c:\program files\Advanced System Protector
2012-11-08 11:19 . 2012-11-09 07:06 -------- d-----w- c:\users\Pierre\AppData\Roaming\Systweak
2012-11-07 15:04 . 2012-11-13 19:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-27 18:22 . 2012-10-28 08:23 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-27 18:22 . 2012-10-28 08:23 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-26 12:34 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-10-26 12:34 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-10-26 12:34 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-10-26 12:33 . 2012-10-26 12:33 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 04:55 . 2012-10-19 04:55 -------- d-----w- c:\programdata\FileCure
2012-10-19 04:55 . 2012-10-19 04:55 -------- d-----w- c:\program files\ParetoLogic
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 14:33 . 2012-10-12 14:33 862664 ----a-w- c:\windows\system32\msvcr110.dll
2012-10-12 14:33 . 2012-10-12 14:33 534480 ----a-w- c:\windows\system32\msvcp110.dll
2012-10-12 14:33 . 2012-10-12 14:33 251864 ----a-w- c:\windows\system32\vccorlib110.dll
2012-10-12 14:33 . 2012-10-12 14:33 44184 ----a-w- c:\windows\system32\drivers\point32.sys
2012-10-12 14:33 . 2012-10-12 14:33 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-10 16:18 . 2012-04-01 10:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 16:18 . 2011-05-25 13:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2010-11-26 08:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 20:32 . 2012-09-28 20:32 2122408 ----a-w- c:\windows\system32\coin92.dll
2012-09-24 14:32 . 2012-07-12 08:45 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2010-12-12 09:03 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 18:28 . 2012-10-10 19:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-06 16:41 . 2012-09-06 16:41 57344 ----a-r- c:\users\Pierre\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-09-06 16:38 . 2012-09-06 16:39 106496 ----a-w- c:\windows\system32\ATL71.DLL
2012-08-31 17:18 . 2012-10-10 19:00 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 19:00 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 19:00 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 19:03 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-22 17:30 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 17:30 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 17:29 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 17:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 17:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 17:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-20 14:53 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-20 14:53 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-20 14:53 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-20 14:53 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 09:19 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 12:01 . 2011-03-15 07:31 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-20 17:40 . 2012-10-10 19:02 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 19:02 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 19:02 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 19:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
2012-10-28 08:23 . 2011-03-23 09:59 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-09-18 12:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-09-18 12:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_C5FC491E2CAB4BC85E5326FDF3ED6A98"="c:\users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
path=c:\users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-29 17:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 08:05 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [x]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:18]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 16:37]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 16:37]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000Core.job
- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000UA.job
- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 195.130.131.5 195.130.130.133
FF - ProfilePath - c:\users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3760)
c:\program files\MozyHome\mozyshell.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Voltooingstijd: 2012-11-15 12:04:04 - machine werd herstart
ComboFix-quarantined-files.txt 2012-11-15 11:04
ComboFix2.txt 2012-11-15 08:30
.
Pre-Run: 133.448.585.216 bytes free
Post-Run: 133.387.776.000 bytes beschikbaar
.
- - End Of File - - 738A343AE99D4D40A43605031ABCB850
--------------------------------------------------------------------------------------------------------
ComboFix 12-11-13.03 - Pierre 14/11/2012 8:26:46.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2042.1123 [GMT 1:00]
Gestart vanuit: C:\Users\Pierre\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\muzapp.exe
C:\Windows\system32\roboot.exe
C:\Windows\system32\System32\MASetupCleaner.exe
C:\Windows\system32\System32\muzapp.exe
G:\Autorun.inf
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))
2012-11-14 07:39:30 . 2012-11-14 07:39:53 -------- d-----w- C:\Users\Pierre\AppData\Local\temp
2012-11-14 07:39:30 . 2012-11-14 07:39:30 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-11-13 19:13:50 . 2012-08-21 12:01:22 26840 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-11-13 08:29:04 . 2012-10-12 05:56:01 6918632 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6A1A9E52-BBCD-4D16-BE2D-54B09D61D24F}\mpengine.dll
2012-11-08 11:36:44 . 2012-11-08 11:36:44 -------- d-----w- C:\Program Files\Systweak
2012-11-08 11:20:43 . 2012-11-09 06:59:11 -------- d-----w- C:\ProgramData\Systweak
2012-11-08 11:20:41 . 2012-11-09 07:47:10 -------- d-----w- C:\Program Files\Advanced System Protector
2012-11-08 11:19:01 . 2012-11-09 07:06:19 -------- d-----w- C:\Users\Pierre\AppData\Roaming\Systweak
2012-11-07 15:04:52 . 2012-11-13 19:13:46 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-01 09:08:37 . 2012-11-13 17:07:30 -------- d-----w- C:\Users\Pierre\AppData\Local\ElevatedDiagnostics
2012-10-28 08:05:53 . 2012-10-30 22:51:58 361032 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-10-28 08:05:53 . 2012-10-30 22:51:56 21256 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-10-28 08:05:38 . 2012-10-30 22:51:56 106560 ----a-w- C:\Windows\system32\drivers\aswFW.sys
2012-10-28 08:04:59 . 2012-10-30 22:51:58 199320 ----a-w- C:\Windows\system32\drivers\aswNdis2.sys
2012-10-28 08:04:58 . 2012-10-30 22:51:58 54232 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-10-28 08:04:58 . 2012-10-15 17:59:28 44784 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2012-10-28 08:04:57 . 2012-10-30 22:51:56 20624 ----a-w- C:\Windows\system32\drivers\aswKbd.sys
2012-10-28 08:04:55 . 2012-10-30 22:51:58 738504 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-10-28 08:04:54 . 2012-10-30 22:51:57 58680 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-10-28 08:04:17 . 2012-09-21 10:26:08 12112 ----a-w- C:\Windows\system32\drivers\aswNdis.sys
2012-10-28 08:04:16 . 2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-28 08:04:16 . 2012-10-30 22:50:59 227648 ----a-w- C:\Windows\system32\aswBoot.exe
2012-10-27 18:22:13 . 2012-10-28 08:23:11 96224 ----a-w- C:\Program Files\Mozilla Firefox\webapprt-stub.exe
2012-10-27 18:22:13 . 2012-10-28 08:23:11 157272 ----a-w- C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-26 12:34:11 . 2012-07-26 03:39:21 526952 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2012-10-26 12:34:11 . 2012-07-26 03:39:21 47720 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2012-10-26 12:34:11 . 2012-07-26 02:46:47 9728 ----a-w- C:\Windows\system32\Wdfres.dll
2012-10-26 12:33:24 . 2012-10-26 12:33:30 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2012-10-25 02:12:26 . 2012-10-25 02:12:26 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx
2012-10-25 02:12:26 . 2012-10-25 02:12:26 69632 ----a-w- C:\Windows\system32\QuickTime.qts
2012-10-19 04:55:27 . 2012-10-19 04:55:27 -------- d-----w- C:\ProgramData\FileCure
2012-10-19 04:55:26 . 2012-10-19 04:55:26 -------- d-----w- C:\Program Files\ParetoLogic
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-10-12 14:33:52 . 2012-10-12 14:33:52 862664 ----a-w- C:\Windows\system32\msvcr110.dll
2012-10-12 14:33:52 . 2012-10-12 14:33:52 534480 ----a-w- C:\Windows\system32\msvcp110.dll
2012-10-12 14:33:52 . 2012-10-12 14:33:52 251864 ----a-w- C:\Windows\system32\vccorlib110.dll
2012-10-12 14:33:50 . 2012-10-12 14:33:50 44184 ----a-w- C:\Windows\system32\drivers\point32.sys
2012-10-12 14:33:50 . 2012-10-12 14:33:50 1629040 ----a-w- C:\Windows\system32\WdfCoInstaller01011.dll
2012-10-10 16:18:27 . 2012-04-01 10:11:20 696760 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-10-10 16:18:27 . 2011-05-25 13:37:13 73656 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54:26 . 2010-11-26 08:04:35 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-09-28 20:32:08 . 2012-09-28 20:32:08 2122408 ----a-w- C:\Windows\system32\coin92.dll
2012-09-24 14:32:24 . 2012-07-12 08:45:11 477168 ----a-w- C:\Windows\system32\npdeployJava1.dll
2012-09-24 14:32:20 . 2010-12-12 09:03:29 473072 ----a-w- C:\Windows\system32\deployJava1.dll
2012-09-14 18:28:53 . 2012-10-10 19:03:21 2048 ----a-w- C:\Windows\system32\tzres.dll
2012-09-06 16:41:21 . 2012-09-06 16:41:21 57344 ----a-r- C:\Users\Pierre\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-09-06 16:38:45 . 2012-09-06 16:39:08 106496 ----a-w- C:\Windows\system32\ATL71.DLL
2012-08-31 17:18:09 . 2012-10-10 19:00:43 1211760 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 . 2012-10-10 19:00:26 3914096 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-08-30 17:12:02 . 2012-10-10 19:00:24 3968880 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-08-24 16:57:48 . 2012-10-10 19:03:33 172544 ----a-w- C:\Windows\system32\wintrust.dll
2012-08-24 06:59:17 . 2012-09-22 17:30:00 1800704 ----a-w- C:\Windows\system32\jscript9.dll
2012-08-24 06:51:27 . 2012-09-22 17:30:01 1129472 ----a-w- C:\Windows\system32\wininet.dll
2012-08-24 06:51:02 . 2012-09-22 17:29:57 1427968 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-08-24 06:47:26 . 2012-09-22 17:30:03 142848 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-08-24 06:47:12 . 2012-09-22 17:30:05 420864 ----a-w- C:\Windows\system32\vbscript.dll
2012-08-24 06:43:58 . 2012-09-22 17:30:05 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-08-22 17:16:54 . 2012-09-20 14:53:23 1292144 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 . 2012-09-20 14:53:32 712048 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 . 2012-09-20 14:53:23 240496 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-08-22 17:16:36 . 2012-09-20 14:53:22 187760 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 . 2012-09-26 09:19:06 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe
2012-08-21 12:01:22 . 2011-03-15 07:31:36 106928 ----a-w- C:\Windows\system32\GEARAspi.dll
2012-08-20 17:40:31 . 2012-10-10 19:02:28 169984 ----a-w- C:\Windows\system32\winsrv.dll
2012-08-20 17:40:01 . 2012-10-10 19:02:29 293376 ----a-w- C:\Windows\system32\KernelBase.dll
2012-08-20 17:37:58 . 2012-10-10 19:02:28 271360 ----a-w- C:\Windows\system32\conhost.exe
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:14 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32:12 . 2012-10-10 19:02:14 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33:28 . 2012-10-10 19:02:17 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 . 2012-10-10 19:02:16 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 . 2012-10-10 19:02:16 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 . 2012-10-10 19:02:16 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2007-03-12 16:59:00 . 2007-03-12 16:59:00 299008 ----a-w- C:\Program Files\navigram_register.exe
2012-10-28 08:23:15 . 2011-03-23 09:59:42 261600 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50:38 121528 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-09-18 12:51:52 4756880 ----a-w- C:\Program Files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-09-18 12:51:52 4756880 ----a-w- C:\Program Files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-09-09 22:30:34 421776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
[HKLM\~\startupfolder\C:^Users^Pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
path=C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
backup=C:\Windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30:34 421776 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-29 17:54:26 981656 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12:14 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 08:05:45 4763008 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x]
R3 A38CCID;CCID USB Smart Card Reader;C:\Windows\system32\DRIVERS\a38ccid.sys [x]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [x]
R4 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SAS***IL;SAS***IL;C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS [x]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [x]
S2 SZASSIST;SecretZone Assist Service;C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]
S3 mdf16;mdf16;C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys [x]
S3 mvd22;mvd22;C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;C:\Windows\system32\DRIVERS\NETw5s32.sys [x]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - WS2IFSL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
Inhoud van de 'Gedeelde Taken' map
2012-11-14 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:11:20 . 2012-10-10 16:18:27]
2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-28 17:39:31 . 2010-11-27 16:37:29]
2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-28 17:39:31 . 2010-11-27 16:37:29]
2012-11-13 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000Core.job
- C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37:31 . 2010-11-27 16:37:29]
2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000UA.job
- C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37:31 . 2010-11-27 16:37:29]
------- Bijkomende Scan -------
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 195.130.131.5 195.130.130.133
FF - ProfilePath - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Digsby Donates - C:\Program Files\Digsby Donates\Uninst.exe
AddRemove-ImgBurn - I:\ImgBurn\uninstall.exe
-
Haste makes waste ...
Here it is, and now I'll wait patiently for Kape's blessing:
ComboFix 12-11-14.01 - Pierre 15/11/2012 9:09.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2042.1097 [GMT 1:00]
Gestart vanuit: c:\users\Pierre\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Pierre\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
---- Voorgaande Run -------
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\roboot.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
G:\Autorun.inf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))
.
.
2012-11-15 08:22 . 2012-11-15 08:22 -------- d-----w- c:\users\Pierre\AppData\Local\temp
2012-11-15 08:22 . 2012-11-15 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 19:13 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-13 08:29 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A1A9E52-BBCD-4D16-BE2D-54B09D61D24F}\mpengine.dll
2012-11-08 11:36 . 2012-11-08 11:36 -------- d-----w- c:\program files\Systweak
2012-11-08 11:20 . 2012-11-09 06:59 -------- d-----w- c:\programdata\Systweak
2012-11-08 11:20 . 2012-11-09 07:47 -------- d-----w- c:\program files\Advanced System Protector
2012-11-08 11:19 . 2012-11-09 07:06 -------- d-----w- c:\users\Pierre\AppData\Roaming\Systweak
2012-11-07 15:04 . 2012-11-13 19:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-28 08:05 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-28 08:05 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-28 08:05 . 2012-10-30 22:51 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-28 08:04 . 2012-10-30 22:51 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-28 08:04 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-28 08:04 . 2012-10-15 17:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-28 08:04 . 2012-10-30 22:51 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-28 08:04 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-28 08:04 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-28 08:04 . 2012-09-21 10:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-28 08:04 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-10-28 08:04 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 18:22 . 2012-10-28 08:23 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-27 18:22 . 2012-10-28 08:23 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-26 12:34 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-10-26 12:34 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-10-26 12:34 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-10-26 12:33 . 2012-10-26 12:33 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 04:55 . 2012-10-19 04:55 -------- d-----w- c:\programdata\FileCure
2012-10-19 04:55 . 2012-10-19 04:55 -------- d-----w- c:\program files\ParetoLogic
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 14:33 . 2012-10-12 14:33 862664 ----a-w- c:\windows\system32\msvcr110.dll
2012-10-12 14:33 . 2012-10-12 14:33 534480 ----a-w- c:\windows\system32\msvcp110.dll
2012-10-12 14:33 . 2012-10-12 14:33 251864 ----a-w- c:\windows\system32\vccorlib110.dll
2012-10-12 14:33 . 2012-10-12 14:33 44184 ----a-w- c:\windows\system32\drivers\point32.sys
2012-10-12 14:33 . 2012-10-12 14:33 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-10 16:18 . 2012-04-01 10:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 16:18 . 2011-05-25 13:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2010-11-26 08:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 20:32 . 2012-09-28 20:32 2122408 ----a-w- c:\windows\system32\coin92.dll
2012-09-24 14:32 . 2012-07-12 08:45 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2010-12-12 09:03 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 18:28 . 2012-10-10 19:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-06 16:41 . 2012-09-06 16:41 57344 ----a-r- c:\users\Pierre\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-09-06 16:38 . 2012-09-06 16:39 106496 ----a-w- c:\windows\system32\ATL71.DLL
2012-08-31 17:18 . 2012-10-10 19:00 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 19:00 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 19:00 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 19:03 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-22 17:30 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 17:30 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 17:29 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 17:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 17:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 17:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-20 14:53 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-20 14:53 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-20 14:53 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-20 14:53 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 09:19 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 12:01 . 2011-03-15 07:31 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-20 17:40 . 2012-10-10 19:02 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 19:02 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 19:02 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 19:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
2012-10-28 08:23 . 2011-03-23 09:59 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-09-18 12:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-09-18 12:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_C5FC491E2CAB4BC85E5326FDF3ED6A98"="c:\users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
path=c:\users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-29 17:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 08:05 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [x]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:18]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 16:37]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 16:37]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000Core.job
- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000UA.job
- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 195.130.131.5 195.130.130.133
FF - ProfilePath - c:\users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-11-15 09:30:25
ComboFix-quarantined-files.txt 2012-11-15 08:30
.
Pre-Run: 134.845.755.392 bytes free
Post-Run: 134.765.879.296 bytes beschikbaar
.
- - End Of File - - A829924434C8197BE99E9C935FF80E21
-
It looks like everything is in order now.
Many thanks to Kape.
-
avast had already been disabled beforehand (the malware does its job well).
ComboFix log below:
ComboFix 12-11-13.03 - Pierre 14/11/2012 8:26:46.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2042.1123 [GMT 1:00]
Gestart vanuit: C:\Users\Pierre\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\muzapp.exe
C:\Windows\system32\roboot.exe
C:\Windows\system32\System32\MASetupCleaner.exe
C:\Windows\system32\System32\muzapp.exe
G:\Autorun.inf
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))
2012-11-14 07:39:30 . 2012-11-14 07:39:53 -------- d-----w- C:\Users\Pierre\AppData\Local\temp
2012-11-14 07:39:30 . 2012-11-14 07:39:30 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-11-13 19:13:50 . 2012-08-21 12:01:22 26840 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-11-13 08:29:04 . 2012-10-12 05:56:01 6918632 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6A1A9E52-BBCD-4D16-BE2D-54B09D61D24F}\mpengine.dll
2012-11-08 11:36:44 . 2012-11-08 11:36:44 -------- d-----w- C:\Program Files\Systweak
2012-11-08 11:20:43 . 2012-11-09 06:59:11 -------- d-----w- C:\ProgramData\Systweak
2012-11-08 11:20:41 . 2012-11-09 07:47:10 -------- d-----w- C:\Program Files\Advanced System Protector
2012-11-08 11:19:01 . 2012-11-09 07:06:19 -------- d-----w- C:\Users\Pierre\AppData\Roaming\Systweak
2012-11-07 15:04:52 . 2012-11-13 19:13:46 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-01 09:08:37 . 2012-11-13 17:07:30 -------- d-----w- C:\Users\Pierre\AppData\Local\ElevatedDiagnostics
2012-10-28 08:05:53 . 2012-10-30 22:51:58 361032 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-10-28 08:05:53 . 2012-10-30 22:51:56 21256 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-10-28 08:05:38 . 2012-10-30 22:51:56 106560 ----a-w- C:\Windows\system32\drivers\aswFW.sys
2012-10-28 08:04:59 . 2012-10-30 22:51:58 199320 ----a-w- C:\Windows\system32\drivers\aswNdis2.sys
2012-10-28 08:04:58 . 2012-10-30 22:51:58 54232 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-10-28 08:04:58 . 2012-10-15 17:59:28 44784 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2012-10-28 08:04:57 . 2012-10-30 22:51:56 20624 ----a-w- C:\Windows\system32\drivers\aswKbd.sys
2012-10-28 08:04:55 . 2012-10-30 22:51:58 738504 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-10-28 08:04:54 . 2012-10-30 22:51:57 58680 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-10-28 08:04:17 . 2012-09-21 10:26:08 12112 ----a-w- C:\Windows\system32\drivers\aswNdis.sys
2012-10-28 08:04:16 . 2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-28 08:04:16 . 2012-10-30 22:50:59 227648 ----a-w- C:\Windows\system32\aswBoot.exe
2012-10-27 18:22:13 . 2012-10-28 08:23:11 96224 ----a-w- C:\Program Files\Mozilla Firefox\webapprt-stub.exe
2012-10-27 18:22:13 . 2012-10-28 08:23:11 157272 ----a-w- C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-26 12:34:11 . 2012-07-26 03:39:21 526952 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2012-10-26 12:34:11 . 2012-07-26 03:39:21 47720 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2012-10-26 12:34:11 . 2012-07-26 02:46:47 9728 ----a-w- C:\Windows\system32\Wdfres.dll
2012-10-26 12:33:24 . 2012-10-26 12:33:30 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2012-10-25 02:12:26 . 2012-10-25 02:12:26 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx
2012-10-25 02:12:26 . 2012-10-25 02:12:26 69632 ----a-w- C:\Windows\system32\QuickTime.qts
2012-10-19 04:55:27 . 2012-10-19 04:55:27 -------- d-----w- C:\ProgramData\FileCure
2012-10-19 04:55:26 . 2012-10-19 04:55:26 -------- d-----w- C:\Program Files\ParetoLogic
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-10-12 14:33:52 . 2012-10-12 14:33:52 862664 ----a-w- C:\Windows\system32\msvcr110.dll
2012-10-12 14:33:52 . 2012-10-12 14:33:52 534480 ----a-w- C:\Windows\system32\msvcp110.dll
2012-10-12 14:33:52 . 2012-10-12 14:33:52 251864 ----a-w- C:\Windows\system32\vccorlib110.dll
2012-10-12 14:33:50 . 2012-10-12 14:33:50 44184 ----a-w- C:\Windows\system32\drivers\point32.sys
2012-10-12 14:33:50 . 2012-10-12 14:33:50 1629040 ----a-w- C:\Windows\system32\WdfCoInstaller01011.dll
2012-10-10 16:18:27 . 2012-04-01 10:11:20 696760 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-10-10 16:18:27 . 2011-05-25 13:37:13 73656 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54:26 . 2010-11-26 08:04:35 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-09-28 20:32:08 . 2012-09-28 20:32:08 2122408 ----a-w- C:\Windows\system32\coin92.dll
2012-09-24 14:32:24 . 2012-07-12 08:45:11 477168 ----a-w- C:\Windows\system32\npdeployJava1.dll
2012-09-24 14:32:20 . 2010-12-12 09:03:29 473072 ----a-w- C:\Windows\system32\deployJava1.dll
2012-09-14 18:28:53 . 2012-10-10 19:03:21 2048 ----a-w- C:\Windows\system32\tzres.dll
2012-09-06 16:41:21 . 2012-09-06 16:41:21 57344 ----a-r- C:\Users\Pierre\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-09-06 16:38:45 . 2012-09-06 16:39:08 106496 ----a-w- C:\Windows\system32\ATL71.DLL
2012-08-31 17:18:09 . 2012-10-10 19:00:43 1211760 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 . 2012-10-10 19:00:26 3914096 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-08-30 17:12:02 . 2012-10-10 19:00:24 3968880 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-08-24 16:57:48 . 2012-10-10 19:03:33 172544 ----a-w- C:\Windows\system32\wintrust.dll
2012-08-24 06:59:17 . 2012-09-22 17:30:00 1800704 ----a-w- C:\Windows\system32\jscript9.dll
2012-08-24 06:51:27 . 2012-09-22 17:30:01 1129472 ----a-w- C:\Windows\system32\wininet.dll
2012-08-24 06:51:02 . 2012-09-22 17:29:57 1427968 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-08-24 06:47:26 . 2012-09-22 17:30:03 142848 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-08-24 06:47:12 . 2012-09-22 17:30:05 420864 ----a-w- C:\Windows\system32\vbscript.dll
2012-08-24 06:43:58 . 2012-09-22 17:30:05 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-08-22 17:16:54 . 2012-09-20 14:53:23 1292144 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 . 2012-09-20 14:53:32 712048 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 . 2012-09-20 14:53:23 240496 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-08-22 17:16:36 . 2012-09-20 14:53:22 187760 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 . 2012-09-26 09:19:06 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe
2012-08-21 12:01:22 . 2011-03-15 07:31:36 106928 ----a-w- C:\Windows\system32\GEARAspi.dll
2012-08-20 17:40:31 . 2012-10-10 19:02:28 169984 ----a-w- C:\Windows\system32\winsrv.dll
2012-08-20 17:40:01 . 2012-10-10 19:02:29 293376 ----a-w- C:\Windows\system32\KernelBase.dll
2012-08-20 17:37:58 . 2012-10-10 19:02:28 271360 ----a-w- C:\Windows\system32\conhost.exe
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:24 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:22 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:21 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 19:02:14 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32:12 . 2012-10-10 19:02:14 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33:28 . 2012-10-10 19:02:17 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 . 2012-10-10 19:02:16 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 . 2012-10-10 19:02:16 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 . 2012-10-10 19:02:16 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2007-03-12 16:59:00 . 2007-03-12 16:59:00 299008 ----a-w- C:\Program Files\navigram_register.exe
2012-10-28 08:23:15 . 2011-03-23 09:59:42 261600 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50:38 121528 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-09-18 12:51:52 4756880 ----a-w- C:\Program Files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-09-18 12:51:52 4756880 ----a-w- C:\Program Files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-09-09 22:30:34 421776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
[HKLM\~\startupfolder\C:^Users^Pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
path=C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
backup=C:\Windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30:34 421776 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-29 17:54:26 981656 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12:14 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 08:05:45 4763008 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x]
R3 A38CCID;CCID USB Smart Card Reader;C:\Windows\system32\DRIVERS\a38ccid.sys [x]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [x]
R4 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SAS***IL;SAS***IL;C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS [x]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [x]
S2 SZASSIST;SecretZone Assist Service;C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]
S3 mdf16;mdf16;C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys [x]
S3 mvd22;mvd22;C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;C:\Windows\system32\DRIVERS\NETw5s32.sys [x]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - WS2IFSL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
Inhoud van de 'Gedeelde Taken' map
2012-11-14 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:11:20 . 2012-10-10 16:18:27]
2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-28 17:39:31 . 2010-11-27 16:37:29]
2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-28 17:39:31 . 2010-11-27 16:37:29]
2012-11-13 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000Core.job
- C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37:31 . 2010-11-27 16:37:29]
2012-11-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928368068-922874608-215063479-1000UA.job
- C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 16:37:31 . 2010-11-27 16:37:29]
------- Bijkomende Scan -------
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 195.130.131.5 195.130.130.133
FF - ProfilePath - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1pcwg2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-28 09:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-11 15:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-02-05 16:31; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - ExtSQL: !HIDDEN! 2011-11-14 13:55; belgiumeid@eid.belgium.be; C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Digsby Donates - C:\Program Files\Digsby Donates\Uninst.exe
AddRemove-ImgBurn - I:\ImgBurn\uninstall.exe
-
This is a very strange development. The first log was considerably larger than the new log. Did you fix more items with HijackThis than indicated? Or is this latest log not the complete log that you just created in "safe mode"?
It is complete, in safe mode indeed. I'm staying in safe mode (not really convenient) until the next step.
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:45, on 13/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Pierre\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Pierre\Downloads\HijackThis(4).exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
--
End of file - 3324 bytes
Indeed, I had to do it in safe mode again.
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:09, on 13/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Pierre\Downloads\HijackThis(3).exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Freecause Shopping BHO - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files\Digsby Donates\ShoppingBHO.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" /atRestart
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C5FC491E2CAB4BC85E5326FDF3ED6A98] "C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
O4 - Startup: Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
--
End of file - 11382 bytes
Safe mode did the fix.
How do I know now whether everything is OK?
What if I do a system restore?
Can I remove (useless) programs without consequences?
-
Strange: MBAM found nothing, and I have to reinstall HijackThis every time?
The logs are below:
Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download
Databaseversie: v2012.11.13.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Pierre :: PIERRE-PC [administrator]
13/11/2012 10:06:17
mbam-log-2012-11-13 (10-06-17).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 210051
Verstreken tijd: 9 minuut/minuten, 16 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Fixing does not work: "no internet connection available."
Please continue :embarassed:
-
Here it is:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:07:18, on 12/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Pierre\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Pierre\Downloads\HijackThis(1).exe
C:\Windows\system32\notepad.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Freecause Shopping BHO - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files\Digsby Donates\ShoppingBHO.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" /atRestart
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C5FC491E2CAB4BC85E5326FDF3ED6A98] "C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
O4 - Startup: Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
--
End of file - 12995 bytes
-
Hello all,
I've been here before, but I lost my login and password (it was a long time ago), so I'm starting with a clean slate.
Here it is:
HP Probook 4710 S
Intel Core DUO CPU
T6570 2.10 GHz
32-bit
Windows 7 Ultimate
Problem: I use Avast Internet Security and SUPERAntiSpyware, always
without problems until a few weeks ago.
USB only recognizes the mouse, camera and iPhone. No printer, no external HD; making
a backup is impossible. Mozy online backup also gives error messages. Windows updates
almost daily, but the PC seems to ignore that.
I took the PC to a well-known shop and asked them to save my files and reinstall
Windows.
When I picked it up I was told "no need to reinstall, we removed malware from it,
everything is fine". My ass, nothing is fine; apparently they didn't
succeed either.
In desperation I installed and paid for SYSTWEAK; the program does not accept the license.
Now I'm at my wits' end.
Thanks in advance.
Virus Windows7 + iphoneil 5
in Archive Windows General
Posted:
Hello,
Yesterday I suddenly received a series of viruses via a Yahoo account.
Avast blocks them neatly, no danger to my PC. That Yahoo account is not set up on my iPhone, but at the same time as the viruses on the PC I get a series of emails there on Gmail, "this message has no sender" and "this message has no content"; as a result I cannot open those empty mails and therefore cannot delete them either.
This is a complete mystery to me.
Can anyone shed some light on this?