Text Enhance (2)

Veronika · 22 maart 2012

Goede morgen,

Ja, inderdaad, ik had het naar de map gesleept.

Hopelijk is deze wel goed.

ComboFix 12-03-21.02 - Veronica 22-03-2012 6:45.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6092.3701 [GMT 1:00]

Gestart vanuit: c:\users\Veronica\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Veronica\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\DealPly

c:\program files (x86)\DealPly\DealPlyTune.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-22 to 2012-03-22 ))))))))))))))))))))))))))))))

.

2012-03-22 05:48 . 2012-03-22 05:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-21 19:09 . 2012-03-21 19:09 -------- d-----w- c:\users\Veronica\AppData\Roaming\Malwarebytes

2012-03-21 19:09 . 2012-03-21 19:19 -------- d-----w- c:\programdata\Malwarebytes

2012-03-21 19:09 . 2012-03-21 19:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-21 19:09 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-17 20:16 . 2012-03-17 20:16 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-17 20:16 . 2012-03-17 20:16 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 05:43 . 2012-03-21 13:21 -------- d-----w- c:\program files (x86)\QuickTime

2012-03-14 05:27 . 2012-03-21 19:06 -------- d-----w- c:\program files (x86)\DVDVideoSoftTB

2012-03-14 05:27 . 2012-03-14 19:29 -------- d-----w- c:\users\Veronica\AppData\Roaming\DVDVideoSoft

2012-03-14 02:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 02:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 02:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 01:44 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 01:44 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 01:44 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 01:41 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 01:41 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 01:41 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 01:41 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 01:41 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 01:41 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 01:41 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-14 19:58 . 2011-10-08 07:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-18 11:24 . 2011-04-24 12:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-01-18 11:22 . 2011-04-24 12:51 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-10 20:17 . 2012-01-10 20:16 4518720 ----a-w- c:\windows\SysWow64\FileZilla_3.5.3_win32-setup.exe

2012-01-04 10:44 . 2012-02-15 13:05 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 13:05 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-15 12:59 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-15 12:59 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-15 12:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

((((((((((((((((((((((((((((( SnapShot@2012-03-21_21.18.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-07 14:39 . 2011-01-07 14:39 51024 c:\windows\SysWOW64\vcomp100.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 51024 c:\windows\SysWOW64\vcomp100.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 80720 c:\windows\SysWOW64\mfcm100u.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 80720 c:\windows\SysWOW64\mfcm100u.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 80208 c:\windows\SysWOW64\mfcm100.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 80208 c:\windows\SysWOW64\mfcm100.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 60752 c:\windows\SysWOW64\mfc100rus.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 60752 c:\windows\SysWOW64\mfc100rus.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 43344 c:\windows\SysWOW64\mfc100kor.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 43344 c:\windows\SysWOW64\mfc100kor.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 43856 c:\windows\SysWOW64\mfc100jpn.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 43856 c:\windows\SysWOW64\mfc100jpn.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 62288 c:\windows\SysWOW64\mfc100ita.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 62288 c:\windows\SysWOW64\mfc100ita.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\SysWOW64\mfc100fra.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 64336 c:\windows\SysWOW64\mfc100fra.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 63824 c:\windows\SysWOW64\mfc100esn.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 63824 c:\windows\SysWOW64\mfc100esn.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 55120 c:\windows\SysWOW64\mfc100enu.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 55120 c:\windows\SysWOW64\mfc100enu.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 64336 c:\windows\SysWOW64\mfc100deu.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\SysWOW64\mfc100deu.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 36176 c:\windows\SysWOW64\mfc100cht.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\SysWOW64\mfc100cht.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 36176 c:\windows\SysWOW64\mfc100chs.dll

- 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\SysWOW64\mfc100chs.dll

+ 2010-11-21 03:09 . 2012-03-21 21:48 59552 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-21 21:48 42840 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-10-06 18:33 . 2012-03-21 21:48 10610 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3772001177-2477184715-30761800-1001_UserData.bin

- 2012-03-21 19:19 . 2012-03-21 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-21 21:46 . 2012-03-21 21:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-21 21:46 . 2012-03-21 21:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-21 19:19 . 2012-03-21 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-01-07 14:39 . 2011-01-07 14:39 768848 c:\windows\SysWOW64\msvcr100.dll

- 2010-11-09 13:20 . 2010-11-09 13:20 421200 c:\windows\SysWOW64\msvcp100.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 421200 c:\windows\SysWOW64\msvcp100.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 137544 c:\windows\SysWOW64\atl100.dll

- 2009-07-14 05:01 . 2012-03-21 19:18 459680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-21 21:45 459680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-03-18 08:15 . 2010-03-18 08:15 4368720 c:\windows\SysWOW64\mfc100u.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 4368720 c:\windows\SysWOW64\mfc100u.dll

+ 2011-01-07 14:39 . 2011-01-07 14:39 4342600 c:\windows\SysWOW64\mfc100.dll

+ 2011-01-07 19:10 . 2011-01-07 19:10 3991040 c:\windows\Installer\7b82ff.msp

+ 2011-10-07 19:40 . 2012-03-21 21:45 11724092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3772001177-2477184715-30761800-1001-12288.dat

- 2011-10-07 19:40 . 2012-03-21 19:18 11724092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3772001177-2477184715-30761800-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-03-07 17:15 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-07 1869152]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]

"XNeat Windows Manager"="c:\program files (x86)\XNeat Windows Manager\xnHost.exe" [2008-08-26 214016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [2009-10-28 55808]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-07 982880]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Inktwaarschuwingen controleren - HP Photosmart 5510 series (netwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-15 1038088]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-07 918880]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3772001177-2477184715-30761800-1001Core.job

- c:\users\Veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 22:18]

.

2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3772001177-2477184715-30761800-1001UA.job

- c:\users\Veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 22:18]

.

2012-03-22 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-03-21 c:\windows\Tasks\HPCeeScheduleForVERONICA-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

2012-03-21 c:\windows\Tasks\HPCeeScheduleForVeronica.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\mdiudawf.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6e7ffd99-a99b-448f-819f-e46820d1ff10%7D&mid=f509ac283e5c47d182f36d3e7104b3a6-7c431e8a7fe429e41491cc0ef67fe0274894a95d&ds=AVG&v=10.2.0.3〈=nl&pr=fr&d=2011-11-06%2008%3A04%3A56&sap=ku&q=

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23600252309461268225482012031406181129');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{48FB8510-61E8-4DFF-88FD-5FB277118ED9} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-03-22 06:50:13

ComboFix-quarantined-files.txt 2012-03-22 05:50

ComboFix2.txt 2012-03-21 21:59

ComboFix3.txt 2012-03-21 21:20

.

Pre-Run: 616.984.903.680 bytes beschikbaar

Post-Run: 616.688.771.072 bytes beschikbaar

.

- - End Of File - - 892C48B8CFC5738BA7926C5AA5B32604

kape · 22 maart 2012

Dit is een pak beter verlopen ... nog slechts een klein deeltje blijft onopgelost. Dat mag je nu nog even aanpakken :

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

Firefox::

FF - ProfilePath - c:\users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\mdiudawf.default\

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23600252309461268225482012031406181129');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Kijk ook eens even bij de add-ons van Firefox. Mocht je daar nog Dealply aantreffen, mag je die daar definitief verwijderen.

Veronika · 22 maart 2012

Vrij agressief programmaatje…., de linkjes zijn nog steeds niet weg. Misschien is het ook belangrijk te melden, via de configuratie scherm zie ik de Softonic.comNL FF Toolbar nog steeds staan. Is ook niet te verwijderen via de knop verwijderen/wijzigen.

ComboFix 12-03-21.02 - Veronica 22-03-2012 7:22.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6092.3505 [GMT 1:00]

Gestart vanuit: c:\users\Veronica\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Veronica\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-22 to 2012-03-22 ))))))))))))))))))))))))))))))

.

2012-03-22 06:25 . 2012-03-22 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp