http://www.myserchresults.com

Jean Paul · 21 december 2012

Dit is allemaal zo gebeurd .Maar nog steeds geen antwoord op mijn vraag!

kweezie wabbit · 21 december 2012

Dit is allemaal zo gebeurd .

Kan je dan de logjes plaatsen aub?

Maar nog steeds geen antwoord op mijn vraag!

Welk deel van de gegeven antwoorden begrijp je niet?

Het deel waarin we proberen uitleggen dat er geen pasklaar antwoord is op je vraag?

Of het deel waarin we zeggen dat we toch blijven proberen om het op te lossen ondanks de bijkomende onregelmatigheden die opduiken?

kape · 21 december 2012

Dit is allemaal zo gebeurd .Maar nog steeds geen antwoord op mijn vraag!

Het antwoord stond nochtans in een vorig bericht ...

KIjk ... er kan geen duidelijk antwoord komen op je vraag, indien we eerst niet alle middelen hebben ingezet om alle foute gegevens (mappen, bestanden en registersleutels) op je PC te hebben verwijderd (of ten minste een poging hebben gedaan om deze te verwijderen). De resultaten van de verschillende behandelingen leveren steeds nieuwe gegevens en/of problemen op, die dan weer eerst - met één of andere actie - moeten aangepakt worden. Zolang daarbij ongewenste zaken blijven opduiken, moeten we daar mee verder gaan.
Het is duidelijk dat al die 'no file'-sleutels behoren tot ongewenste toolbars op je PC. Of ze een negatieve invloed hebben op de werking van de PC is een andere zaak, maar voor de goede gang van zaken worden ze best verwijderd. Indien het voor jou volstaat om zonder deze verwijdering verder te werken met de PC, is je eigen keuze. Dan kunnen we de zoektocht naar de oorzaak van het verschijnen van deze sleutels stopzetten. Behoort dit tot je wensen, dan zullen wij ons daar graag bij neerleggen. Ook hier is de klant koning

Als dat geen antwoord is, begrijpen we echt niet wat je onder een "antwoord" verstaat

Jean Paul · 21 december 2012

Dit is nu een duidelijke uitleg .

Jean Paul · 21 december 2012

En nu ?

Jean-Pierre · 21 december 2012

Een antwoord op post 59 zou wenselijk zijn om te antwoorden op je vraag!!

Het Combofix gedeelte wel te verstaan.

21 december 2012 aangepast door Jean-Pierre

kape · 22 december 2012

Dit is nu een duidelijke uitleg .

Bedankt voor je appreciatie ... maar diezelfde uitleg stond eerder ook al in het bericht 59 en volkomen identiek ;-)

Jean Paul · 22 december 2012

Dag, is dit wat u wilde hebben, volgens punt 66 ?

ComboFix 12-12-20.02 - Jeanpaul 22/12/2012 10:59:37.8.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6092.3875 [GMT 1:00]

Gestart vanuit: c:\program files\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jeanpaul\Desktop\CFScript).txt

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-22 to 2012-12-22 ))))))))))))))))))))))))))))))

.

2012-12-22 10:07 . 2012-12-22 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-22 10:07 . 2012-12-22 10:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-12-21 11:33 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 11:33 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 11:33 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 11:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-21 09:53 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F77899D-2D9C-42AE-A71C-41551CEE5256}\mpengine.dll

2012-12-18 22:35 . 2012-12-18 22:35 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Softplicity

2012-12-18 22:35 . 2012-12-18 22:35 -------- d-----w- c:\program files (x86)\Total PDF Converter

2012-12-18 19:11 . 2012-12-18 19:35 -------- d-----w- c:\program files (x86)\office Convert Pdf to Jpg Jpeg Tiff

2012-12-18 19:08 . 2012-12-18 19:08 -------- d-----w- C:\Output Files

2012-12-18 18:22 . 2012-12-18 19:35 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

2012-12-18 14:35 . 2012-12-20 21:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-18 14:35 . 2012-12-20 21:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-17 17:49 . 2012-12-17 17:49 61440 ----a-w- c:\windows\SysWow64\drivers\puxr.sys

2012-12-17 08:17 . 2012-12-18 17:04 -------- d-----w- c:\program files\FrostWire 5

2012-12-16 09:32 . 2012-12-17 10:42 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\vlc

2012-12-15 10:43 . 2012-12-15 10:43 -------- d-----w- c:\program files (x86)\VideoLAN

2012-12-15 10:40 . 2012-12-16 11:12 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Fighters

2012-12-15 10:39 . 2012-12-16 11:13 -------- d-----w- c:\programdata\Fighters

2012-12-15 10:38 . 2012-12-15 10:38 652072 ----a-w- c:\program files\VLC_Media_Player_Setup.exe

2012-12-12 19:39 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 19:38 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 19:38 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-12 19:38 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 19:38 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 17:31 . 2012-12-12 17:31 15728568 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-12-12 17:16 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-12 16:44 . 2012-12-12 16:44 -------- d-----w- c:\programdata\BrowserProtect

2012-12-12 16:32 . 2012-12-12 16:32 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Paltalk

2012-12-12 16:32 . 2012-12-12 16:32 -------- d-----w- c:\programdata\APN

2012-12-08 08:49 . 2012-12-08 08:49 3427424 ----a-w- c:\program files\rcsetup144.exe

2012-12-04 08:55 . 2012-12-04 08:55 -------- d-----w- c:\users\Jeanpaul\AppData\Local\Microsoft Help

2012-12-04 08:55 . 2012-12-04 08:55 -------- d-----w- c:\programdata\Microsoft Help

2012-12-03 08:11 . 2012-12-03 08:11 -------- d-----w- c:\users\Jeanpaul\AppData\Local\APN

2012-11-28 10:25 . 2012-11-28 10:25 388096 ----a-r- c:\users\Jeanpaul\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-28 10:23 . 2012-11-28 10:23 1402880 ----a-w- c:\program files\HiJackThis.msi

2012-11-28 08:49 . 2012-12-20 10:46 5012825 ------r- c:\program files\ComboFix.exe

2012-11-27 21:56 . 2012-11-27 21:57 10669952 ----a-w- c:\program files\mbam-setup-1.65.1.1000.exe

2012-11-27 10:58 . 2012-11-27 10:58 480125 ----a-w- c:\program files\adwcleaner.exe

2012-11-23 10:38 . 2012-11-23 10:38 -------- d-----w- c:\programdata\Virtualized Applications

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 17:18 . 2012-01-27 16:58 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-20 21:45 . 2012-11-20 21:45 135933721 ----a-w- c:\program files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe

2012-11-19 13:30 . 2012-11-19 13:30 373440 ----a-w- c:\program files (x86)\SoftonicDownloader_voor_bs-player.exe

2012-10-16 08:38 . 2012-12-01 08:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-01 08:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-01 08:27 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-16 16:40 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 16:40 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 16:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 16:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 19:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 16:40 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 16:40 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 16:40 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 16:40 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 16:40 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 16:40 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 16:40 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 16:40 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 16:40 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 16:40 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 16:40 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-25 22:47 . 2012-11-16 16:39 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-16 16:39 95744 ----a-w- c:\windows\system32\synceng.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

c:\program files (x86)\PriceGong\2.6.9\PriceGongIE.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]

c:\program files (x86)\DealPly\DealPlyIE.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

c:\program files (x86)\WiseConvert\prxtbWise.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Gadwin PrintScreen"="c:\program files\PrintScreen\PrintScreen.exe" [2011-05-03 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

.

c:\users\Jeanpaul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-04-12 35840]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [2011-07-25 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [2011-09-27 1084024]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [2011-08-08 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121221.001\IDSvia64.sys [2012-12-11 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [2011-07-26 189560]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [2011-07-26 401016]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-07 203776]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]

S2 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Speed Up\PCSUService.exe [2011-11-07 235232]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-16 138912]

S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 21:44]

.

2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 21:44]

.

2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 21:44]

.

2012-12-17 c:\windows\Tasks\HPCeeScheduleForJeanpaul.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)

AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe

AddRemove-WiseConvert Toolbar - c:\program files (x86)\WiseConvert\uninstall.exe

AddRemove-{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} - c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-12-22 11:09:31

ComboFix-quarantined-files.txt 2012-12-22 10:09

ComboFix2.txt 2012-12-20 16:26

ComboFix3.txt 2012-12-20 11:07

ComboFix4.txt 2012-12-18 22:19

ComboFix5.txt 2012-12-22 09:58

.

Pre-Run: 504.732.618.752 bytes beschikbaar

Post-Run: 504.681.979.904 bytes beschikbaar

.

- - End Of File - - 117295ED0C300F6E3A6ACA4ABA36BB36

kape · 22 december 2012

Inderdaad ... dat was het. Alleen heb je een klein foutje gedaan bij de benaming van het scriptje, waardoor het zijn werk niet heeft kunnen uitvoeren. Je hebt volgende naam gegeven c:\users\Jeanpaul\Desktop\CFScript).txt. De correcte benaming moest echter c:\users\Jeanpaul\Desktop\CFScript.txt (zonder het haakje) zijn.

Wil je de naam van het bestand wijzigen in de correcte naam en dan de procedure nog eens herhalen. Daarna mag je het nieuwe logje in een volgend bericht plaatsen.

Jean Paul · 22 december 2012

Hopelijk nu goed :

ComboFix 12-12-22.01 - Jeanpaul 22/12/2012 11:49:41.9.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6092.3785 [GMT 1:00]

Gestart vanuit: c:\program files\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jeanpaul\Desktop\CFScript.txt

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-22 to 2012-12-22 ))))))))))))))))))))))))))))))

.

2012-12-22 10:56 . 2012-12-22 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-22 10:56 . 2012-12-22 10:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp