ComboFix 12-01-21.02 - Susan 22-01-2012 21:16:47.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3071.1825 [GMT 1:00]
Started from: c:\users\Susan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 ))))))))))))))))))))))))))))))
.
.
2012-01-22 20:25 . 2012-01-22 20:25  56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61088D36-8ED4-4413-A148-56F25CB42A74}\offreg.dll
2012-01-22 20:23 . 2012-01-22 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-21 19:06 . 2012-01-21 19:06 -------- d-----w- c:\users\Susan\AppData\Roaming\Malwarebytes
2012-01-21 19:06 . 2012-01-21 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-21 19:06 . 2012-01-21 19:06 -------- d-----w- c:\programdata\Malwarebytes
2012-01-21 19:06 . 2011-12-10 14:24  20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 10:31 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61088D36-8ED4-4413-A148-56F25CB42A74}\mpengine.dll
2012-01-11 12:55 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:54 . 2011-11-19 14:06  67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:54 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:54 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:23 . 2011-12-20 14:49 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2010-04-07 07:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 04:35 . 2011-12-20 14:49 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-20 14:49  44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-20 14:48   2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-20 14:49 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-20 14:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:42 . 2011-12-20 14:48 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42 . 2011-12-20 14:48 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25 . 2011-12-20 14:48  38912 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-12 906648]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
c:\users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-07-04 121000]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-15 183560]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-08 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-07-04 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nl.msn.com
IE: &Verzenden naar OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-BsScanner
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-22 21:32:35
ComboFix-quarantined-files.txt 2012-01-22 20:32
.
Pre-Run: 639.854.235.648 bytes free
Post-Run: 640.516.775.936 bytes free
.
- - End Of File - - 562C8722BB063F3BE69CE40A901C76E4
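The following is an added example and is not part of the log or of the original post: a small Python parser for the two line formats that usually deserve the closest look in a ComboFix log, the service/driver lines (`R3 name;display;image [date size]`) and the Run-key lines (`"name"="image" [date size]`). The sample text is copied from the log above. It assumes the conventional reading of ComboFix's notation: the leading `R`/`S` is running/stopped, the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and `[x]` in place of a date and size means ComboFix could not find the image file on disk. The "trusted roots" check that flags binaries outside Program Files and the Windows directory is my own triage heuristic, not something ComboFix does.

```python
"""Parse ComboFix service and Run-key lines and flag entries worth a second look.

Added example (not ComboFix's own code). Assumptions: R/S = running/stopped,
the digit is the service start type, and "[x]" means "image file not found".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the log above; the same parser runs over a full log file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
"""

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Heuristic (mine, not ComboFix's): autostart binaries outside these roots get flagged.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")

# "R3 name;display name;c:\path\image.sys [2010-01-08 126976]"  or  "... [x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>[^\[]*?)\s*\[(?P<tail>[^\]]*)\]$"
)
# '"name"="c:\path\image.exe" [2009-11-02 103720]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"\s*\[(?P<tail>[^\]]*)\]$')


@dataclass
class Entry:
    kind: str                  # "service" or "run"
    name: str
    image: str                 # path as logged; "" when ComboFix printed none
    running: Optional[bool]    # services only
    start: Optional[str]       # services only, human-readable start type
    size: Optional[int]        # None when ComboFix printed [x]
    file_missing: bool


def _parse_tail(tail: str) -> Tuple[Optional[int], bool]:
    """Turn the bracketed suffix into (size, file_missing)."""
    if tail.strip() == "x":
        return None, True
    _date, size = tail.split()
    return int(size), False


def parse(text: str) -> List[Entry]:
    """Extract service and Run-key entries; every other line is ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            size, missing = _parse_tail(m["tail"])
            entries.append(Entry("service", m["name"], m["image"].strip(),
                                 m["state"] == "R", START_TYPES[m["start"]],
                                 size, missing))
            continue
        m = RUN_RE.match(line)
        if m:
            size, missing = _parse_tail(m["tail"])
            entries.append(Entry("run", m["name"], m["image"], None, None, size, missing))
    return entries


def flag(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for entries that merit manual review."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append((e.name, "image file not found by ComboFix"))
        elif not e.image.lower().startswith(TRUSTED_ROOTS):
            findings.append((e.name, "image outside Program Files / Windows"))
    return findings


if __name__ == "__main__":
    for name, reason in flag(parse(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

On the sample above the script reports the two `[x]` entries (the Ad-Aware helper driver and the avast! core firewall driver); the remaining services and Run values parse cleanly and are left alone. To run it over a real log, replace `SAMPLE_LOG` with the file contents.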