Laptop slow


Here is the ComboFix log

ComboFix 12-09-24.03 - petra 25-09-2012 19:28:32.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1919.700 [GMT 2:00]

Gestart vanuit: c:\users\petra\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\cb.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\cb.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\cid.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\cid.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\eb.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\eb.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\eb.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\eb.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\energy.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\energy.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\energy.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\energy.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\exec.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\exec.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\exec.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\exec.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\fan.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\fan.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\fix.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\fix.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\FW.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\FW.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\FW.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\gid.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\gid.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\gid.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\grid.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\pal.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\pal.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\pal.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\pal.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\PE.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\PE.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\PE.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\PE.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\sld.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\sld.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\sld.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\sld.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\SM.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\SM.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\SM.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\std.dll

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\std.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\std.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\std.tmp

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys

c:\users\petra\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp

c:\windows\IsUn0413.exe

c:\windows\msvcr71.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-25 to 2012-09-25 ))))))))))))))))))))))))))))))

.

.

2012-09-25 17:49 . 2012-09-25 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-25 17:44 . 2012-09-25 17:44 -------- d-----w- c:\users\petra\AppData\Local\Diagnostics

2012-09-25 16:52 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-09-25 16:52 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-09-25 16:48 . 2012-09-25 16:48 -------- d-----w- c:\program files\CCleaner

2012-09-25 16:28 . 2012-09-25 16:29 186 ----a-w- c:\windows\DeleteOnReboot.bat

2012-09-25 14:45 . 2012-09-25 14:45 -------- d-----w- c:\users\petra\AppData\Roaming\AVG2013

2012-09-25 14:44 . 2012-09-25 14:44 -------- d-----w- c:\users\petra\AppData\Roaming\TuneUp Software

2012-09-25 14:43 . 2012-09-25 14:43 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-09-25 14:43 . 2012-09-25 16:28 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-09-25 14:41 . 2012-09-25 14:53 -------- d-----w- c:\programdata\AVG2013

2012-09-25 14:34 . 2012-09-25 14:53 -------- d-----w- c:\users\petra\AppData\Local\Avg2013

2012-09-25 14:34 . 2012-09-25 14:34 -------- d-----w- c:\users\petra\AppData\Local\MFAData

2012-09-25 14:19 . 2012-09-25 14:19 -------- d-----w- c:\users\petra\AppData\Local\Windows Live Writer

2012-09-25 14:19 . 2012-09-25 14:19 -------- d-----w- c:\users\petra\AppData\Roaming\Windows Live Writer

2012-09-25 14:13 . 2012-09-25 14:13 -------- d-----w- c:\users\petra\AppData\Roaming\Malwarebytes

2012-09-25 14:12 . 2012-09-25 14:12 -------- d-----w- c:\programdata\Malwarebytes

2012-09-25 14:12 . 2012-09-25 14:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-25 14:12 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 14:01 . 2012-09-25 14:01 -------- d-----w- c:\windows\nl

2012-09-25 13:59 . 2012-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-09-25 13:57 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-09-25 13:57 . 2012-09-25 14:08 -------- d-----w- c:\program files\Windows Live

2012-09-25 13:50 . 2012-09-25 17:11 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-09-25 13:49 . 2012-09-25 13:49 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a2190e41cd9b2404\bingbarsetup.exe

2012-09-25 13:49 . 2012-09-25 13:49 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\90f939611cd9b2403\MeshBetaRemover.exe

2012-09-25 13:49 . 2012-09-25 13:49 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\895145ee1cd9b2402\DSETUP.dll

2012-09-25 13:49 . 2012-09-25 13:49 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\895145ee1cd9b2402\DXSETUP.exe

2012-09-25 13:49 . 2012-09-25 13:49 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\895145ee1cd9b2402\dsetup32.dll

2012-09-25 13:49 . 2012-09-25 13:49 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8313bd3a1cd9b2401\Silverlight.4.0.exe

2012-09-25 13:47 . 2012-09-25 16:21 -------- d-----w- c:\users\petra\AppData\Roaming\BrowserCompanion

2012-09-25 13:27 . 2012-09-25 13:27 388096 ----a-r- c:\users\petra\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-25 13:27 . 2012-09-25 13:27 -------- d-----w- c:\program files (x86)\Trend Micro

2012-09-17 16:58 . 2012-09-17 16:58 56672 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-09-14 03:34 . 2012-09-14 03:34 105312 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-09-12 09:47 . 2012-09-12 09:47 199520 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-12 09:47 . 2012-09-12 09:47 175968 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-12 07:53 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 07:53 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 07:53 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 07:53 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys

2012-09-12 07:53 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 07:53 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 07:53 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 07:53 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-20 08:13 . 2012-04-04 08:14 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-20 08:13 . 2012-04-04 08:14 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-12 06:49 . 2009-11-30 17:32 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-13 14:40 . 2012-08-13 14:40 150880 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-08-10 02:52 . 2012-08-10 02:52 40288 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-08-09 11:56 . 2012-08-09 11:56 230240 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-07-18 18:15 . 2012-08-23 19:00 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 20:07 . 2012-08-23 20:43 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-23 19:00 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-23 19:00 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-23 19:00 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-23 19:00 41984 ----a-w- c:\windows\SysWow64\browcli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ares"="c:\program files (x86)\Ares\Ares.exe" [2010-10-27 1015808]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 135664]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-08-26 34440]

R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 135664]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 30344]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4924336]

R3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-12-19 126440]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-12 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-17 56672]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-08-09 230240]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-08-10 40288]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-08-26 24840]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-08-13 150880]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-09-12 175968]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-09-14 105312]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-12 199520]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-25 31080]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447848]

S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-25 722528]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]

S3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2009-06-23 693248]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 sftfs;sftfs;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 712536]

S3 sftplay;sftplay;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 261480]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 25944]

S3 sftvol;sftvol;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 17752]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]

S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2009-09-04 555520]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:13]

.

2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]

.

2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.254

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

DPF: {BA58DE43-8189-42E6-871E-82159844CAC0} - hxxp://laplace.elearning.ism.nl/DesktopModules/Courses/FullScreenComponents/ISM_KioskEnableXControl1.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe

Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Toolbar-!!{8769adce-dba5-48e9-afb5-67b12cdf2e61} - (no file)

WebBrowser-{37295164-6894-4F93-AD7D-B7DE830DBB96} - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

HKLM-Run-SiSTray - c:\program files (x86)\SiS VGA Utilities\SiSTray.exe

AddRemove-ASUSUSBDEVIC - c:\windows\uninstall.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-09-25 19:58:07

ComboFix-quarantined-files.txt 2012-09-25 17:58

.

Pre-Run: 67.884.077.056 bytes beschikbaar

Post-Run: 68.603.830.272 bytes beschikbaar

.

- - End Of File - - 663B19531E55FA05BDB2CC8D601B2DA2

Here is the MBAM log

Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400

www.malwarebytes.org

Databaseversie: v2012.09.25.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

petra :: PETRA-PC [administrator]

Realtime bescherming: Ingeschakeld

25-9-2012 19:59:24

mbam-log-2012-09-25 (19-59-24).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 210723

Verstreken tijd: 8 minuut/minuten, 50 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

And how do I remove ComboFix and AdwCleaner now?


Remove ComboFix: Start -> Run / Search / Search programs and files, and type there: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Have MVPS Hosts, AdwCleaner and Security Check been done successfully yet?
