incredibar

daikie01 · 19 juli 2012

ComboFix 12-07-19.02 - KoMiek 19-07-2012 22:57:37.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3063.1881 [GMT 2:00]

Gestart vanuit: c:\users\KoMiek\Desktop\ComboFix.exe

AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Public\sdelevURL.tmp

.

Besmet exemplaar van c:\windows\system32\Drivers\atapi.sys werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-19 to 2012-07-19 ))))))))))))))))))))))))))))))

.

2012-07-19 21:04 . 2012-07-19 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-19 21:04 . 2012-07-19 21:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-07-19 16:55 . 2012-07-19 16:55 -------- d-----w- c:\program files\CCleaner

2012-07-17 21:14 . 2012-07-17 21:15 -------- d-----w- c:\program files\TorrentSearch

2012-07-17 21:14 . 2012-07-17 21:15 -------- d-----w- c:\program files\OApps

2012-07-17 21:13 . 2012-07-17 21:15 -------- d-----w- c:\program files\smartdl

2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe

2012-07-12 21:08 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-12 16:19 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-12 16:18 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-12 16:18 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-12 16:18 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-12 16:18 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-12 16:17 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-07-12 16:17 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-07-12 16:17 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-12 16:17 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-12 16:17 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-07-12 16:17 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll

2012-07-12 16:17 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-12 16:17 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-12 16:17 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-12 16:17 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-06-26 16:03 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-26 15:14 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-26 15:14 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-26 15:14 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-26 15:14 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-26 15:14 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-26 15:14 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-26 15:14 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-26 15:13 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-26 15:13 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-24 11:52 . 2012-06-24 11:52 -------- d-----w- c:\users\KoMiek\AppData\Roaming\Malwarebytes

2012-06-24 11:52 . 2012-07-12 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-24 09:54 . 2012-06-24 10:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-06-24 09:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-24 09:35 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-24 09:35 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 19:58 . 2012-04-18 05:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-18 19:58 . 2012-01-06 08:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-17 22:36 . 2012-06-13 22:08 1103872 ----a-w- c:\windows\system32\urlmon(3715).dll

2012-05-17 22:35 . 2012-06-13 22:08 1129472 ----a-w- c:\windows\system32\wininet(3717).dll

2012-05-17 22:27 . 2012-06-13 22:08 1793024 ----a-w- c:\windows\system32\iertutil(3712).dll

2012-05-05 16:28 . 2012-05-05 16:28 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-05-01 04:44 . 2012-06-13 19:58 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17 . 2012-06-13 19:58 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45 . 2012-06-13 19:58 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-13 19:58 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-13 19:58 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 04:36 . 2012-06-13 19:57 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 19:57 1158656 ----a-w- c:\windows\system32\crypt32(3708).dll

2012-04-24 04:36 . 2012-06-13 19:57 103936 ----a-w- c:\windows\system32\cryptnet(3709).dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0931BD3F-547E-45C1-B133-D0E995645DBA}]

2012-07-13 17:44 92160 ----a-w- c:\program files\OApps\bho_project.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2010-03-26 472112]

"NPSStartup"="" [bU]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Powersuite Monitor"="c:\program files\Uniblue\Powersuite\powersuite_monitor.exe" [2012-07-13 323936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BlueSoleil.lnk

backup=c:\windows\pss\BlueSoleil.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^KoMiek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\users\KoMiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]

2010-12-17 12:37 1094000 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2011-01-08 10:52 90112 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2009-06-03 19:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

c:\program files\Epson Software\Event Manager\EEventManager.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX218 Series]

c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]

2009-10-02 12:26 284696 ----a-w- c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

2007-03-21 13:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2011-09-20 12:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]

2012-02-01 08:11 1083264 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Professional 6-reminder]

2008-11-03 09:02 54560 ----a-w- c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF6 Registry Controller]

2009-07-27 00:14 110880 ----a-w- c:\program files\Nuance\PDF Professional 6\RegistryController.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]

2009-08-23 19:04 2080768 ----a-r- c:\program files\Nuance\PDF Professional 6\PdfPro6Hook.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]

2012-07-13 09:54 335712 ----a-w- c:\program files\Uniblue\Powersuite\launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2012-01-23 23:17 9210400 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-08-14 13:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]

c:\program files\Uniblue\SpyEraser\SpyEraser.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

c:\users\KoMiek\AppData\Roaming\WinDef.exe [bU]

.

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]

R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

R4 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [x]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

R4 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [x]

R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 13:57]

.

2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 13:57]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

mStart Page =

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100

IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

MSConfigStartUp-CieoNetUtilities_0e Browser Plugin Loader - c:\progra~1\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe

MSConfigStartUp-Driver Whiz - c:\program files\Driver Whiz\Driver Whiz\DriverWhiz.exe

MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe

MSConfigStartUp-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3492)

c:\program files\Pure Networks\Network Magic\nmrsrc.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\rundll32.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-19 23:10:34 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-19 21:10

ComboFix2.txt 2012-06-24 09:12

ComboFix3.txt 2012-06-24 09:02

.

Pre-Run: 883.584.876.544 bytes beschikbaar

Post-Run: 883.482.783.744 bytes beschikbaar

.

- - End Of File - - B02C2EBA663676CDE0114CA60193DF6D

daikie01 · 19 juli 2012