
Some links don't work


pauwhoven


ComboFix 12-03-04.02 - Wilma 10-03-2012 10:03:02.6.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4553 [GMT 1:00]

Started from: d:\gebruikers\Wilma\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* New restore point was created

.

- REDUCED FUNCTIONALITY MODE -

.

.

(((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 ))))))))))))))))))))))))))))))

.

.

2012-03-10 09:04 . 2012-03-10 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-09 11:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4383741B-6F50-409C-B79D-454CA86EC479}\mpengine.dll

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\users\Wilma\AppData\Roaming\Malwarebytes

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\programdata\Malwarebytes

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-05 20:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-04 22:22 . 2012-03-04 22:22 -------- d-----w- c:\users\Wilma\AppData\Roaming\NeroDigital

2012-02-26 20:19 . 2012-03-02 12:20 -------- d-----w- c:\programdata\boost_interprocess

2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\programdata\UAB

2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\users\Wilma\AppData\Local\PC_Drivers_Headquarters

2012-02-26 18:17 . 2012-02-26 18:17 -------- d-----w- c:\program files (x86)\Driver Whiz

2012-02-25 10:24 . 2011-07-13 12:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys

2012-02-25 10:24 . 2011-07-13 12:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys

2012-02-25 10:23 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-02-24 11:00 . 2012-02-24 11:00 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-24 11:00 . 2012-02-24 11:00 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-02-24 10:30 . 2012-02-16 15:12 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll

2012-02-23 14:31 . 2012-02-16 15:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-02-23 14:31 . 2012-02-16 10:41 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-02-23 14:31 . 2012-02-16 10:41 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-02-23 14:31 . 2012-02-16 10:41 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-02-16 08:49 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 08:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-16 08:49 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 08:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-16 08:49 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 08:49 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-16 08:49 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 08:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-10 09:31 . 2012-02-10 09:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A29FD7B2-02AD-414C-A482-4CA68456EBB4}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 11:00 . 2010-06-13 11:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-24 10:27 . 2012-01-09 09:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-16 12:01 . 2010-06-13 11:23 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-08 07:13 . 2011-06-16 07:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 12:44 . 2010-06-01 16:20 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-06_12.38.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-03 08:16 . 2012-03-10 09:07 56816 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-10 09:07 32316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-06-01 16:33 . 2012-03-10 09:07 12530 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198332262-1327379940-2121351170-1001_UserData.bin

- 2010-06-01 16:02 . 2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-01 16:02 . 2012-03-08 15:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-06-01 16:02 . 2012-03-06 08:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-06-01 16:02 . 2012-03-08 15:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-08 15:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-10 09:05 . 2012-03-10 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-10 09:05 . 2012-03-10 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 09:16 . 2012-03-06 07:31 706604 c:\windows\system32\perfh013.dat

+ 2009-07-14 09:16 . 2012-03-09 19:03 706604 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-03-06 07:31 621036 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-09 19:03 621036 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2012-03-09 19:03 135626 c:\windows\system32\perfc013.dat

- 2009-07-14 09:16 . 2012-03-06 07:31 135626 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-03-09 19:03 108256 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-03-06 07:31 108256 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-03-10 09:04 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-06 12:36 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-05 23:58 . 2012-03-09 04:43 1440732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-12288.dat

+ 2010-07-14 22:44 . 2012-03-10 09:04 28937832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat

+ 2011-06-27 22:26 . 2012-03-10 09:04 26418768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-07-15 1485096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Camera Monitor HD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-8-30 541976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]

R2 nlsX86cc;Nalpeiron Licensing Service; [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2010-06-13 44088]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-01 10:18]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001Core.job

- c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001UA.job

- c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45]

.

2012-03-10 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-07 08:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\SYSTEM32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: microsoft.com\oas.support

Trusted Zone: microsoft.com\support

Trusted Zone: nero.com

TCP: DhcpNameServer = 192.168.2.254

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitasuperfiles');

user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '2');

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

.

**************************************************************************

.

Completion time: 2012-03-10 10:11:13 - machine was restarted

ComboFix-quarantined-files.txt 2012-03-10 09:11

ComboFix2.txt 2012-03-08 11:35

ComboFix3.txt 2012-03-06 18:10

ComboFix4.txt 2012-03-06 13:16

ComboFix5.txt 2012-03-10 09:02

.

Pre-Run: 20,172,820,480 bytes free

Post-Run: 19,973,881,856 bytes free

.

- - End Of File - - 61A1A8FDA7B6909C0D65FD53B714187D

I don't know how to thank you for your help.

Is it right that I get a warning saying the ComboFix trial is over? I have now chosen the limited service.

Regards, Wilma

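The log above is ComboFix's own report, and the lines that matter for the cleanup (the Browser Helper Object under Datamngr, the extensions.dealply prefs in the Firefox profile, the services ComboFix tags with [x], the UAC policy values) are scattered over several sections. The script below is an added example written for this page, not ComboFix's code and not anything posted in the thread: it parses those ComboFix line formats and applies a few heuristics of its own to list what a helper would look at first. The sample text is an excerpt of the log posted above; the category names and the rules (any BHO is worth review, prefs under extensions.dealply. are adware leftovers, [x] services point at a file ComboFix could not find, EnableLUA=0 is a hardening flag) are this example's assumptions, not ComboFix's verdicts.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix's code).

Parses the line formats ComboFix prints for Run-key entries, services and
drivers, Browser Helper Objects, policy values and Firefox user_prefs, then
applies this example's own heuristics to surface what to look at first.
"""
import re

# Excerpt of the log posted above, used here as a constructed sample.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R2 nlsX86cc;Nalpeiron Licensing Service; [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU]
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitasuperfiles');
"""

# One regex per ComboFix line format this example understands.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*(?P<missing>\[x\])?$')
BHO_KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]+\})\]$')
PREF_RE = re.compile(r"^user_pref\('(?P<key>[^']+)',\s*'(?P<value>[^']*)'\);$")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-fA-F]+\)$')


def parse_log(text):
    """Split a ComboFix log into the record types this example understands."""
    rec = {"run": [], "services": [], "bho": [], "prefs": [], "policy": []}
    pending_bho = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_bho is not None:
            # The line after a BHO key header is the DLL it loads, plus a ComboFix tag.
            rec["bho"].append({"clsid": pending_bho, "dll": line.split(" [")[0]})
            pending_bho = None
            continue
        m = BHO_KEY_RE.match(line)
        if m:
            pending_bho = m.group("clsid")
            continue
        m = RUN_RE.match(line)
        if m:
            rec["run"].append(m.groupdict())
            continue
        m = SVC_RE.match(line)
        if m:
            svc = m.groupdict()
            svc["missing"] = svc["missing"] is not None  # ComboFix's [x] marker
            rec["services"].append(svc)
            continue
        m = PREF_RE.match(line)
        if m:
            rec["prefs"].append((m.group("key"), m.group("value")))
            continue
        m = POLICY_RE.match(line)
        if m:
            rec["policy"].append((m.group("name"), int(m.group("value"))))
    return rec


def triage(text, adware_prefixes=("extensions.dealply.",)):
    """Return (category, message) findings; categories and rules are this example's own."""
    rec = parse_log(text)
    prefixes = tuple(adware_prefixes)
    findings = []
    for bho in rec["bho"]:  # every BHO is worth a look; the CFScript in this thread deletes one
        findings.append(("review", f"BHO {bho['clsid']} loads {bho['dll']}"))
    for key, value in rec["prefs"]:
        if key.startswith(prefixes):
            findings.append(("adware", f"Firefox pref {key} = {value!r}"))
    for svc in rec["services"]:
        if svc["missing"]:
            where = svc["path"] or "<no path listed>"
            findings.append(("broken", f"service {svc['name']} ({svc['start']}): file not found at {where}"))
    for name, value in rec["policy"]:
        if name == "EnableLUA" and value == 0:
            findings.append(("hardening", "EnableLUA=0 reported: UAC policy value is off"))
    return findings


if __name__ == "__main__":
    for category, message in triage(SAMPLE_LOG):
        print(f"[{category}] {message}")
```

A "broken" finding is not evidence of infection by itself: in this log nlsX86cc has no path at all and MSICDSetup points at a driver on drive E:, which is probably removable media that was absent at scan time. The 8.3 path under Datamngr (WIA6EB~1) is kept exactly as ComboFix printed it; the script does not try to expand it.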

As far as I know ComboFix has no trial period :hmmmm: but I'll ask my colleague.

But all our actions haven't had the desired result, because that DealPly is still in your Firefox.

Check the installed add-ons again to see whether that DealPly is still among them.

Remove it, restart Firefox and check the add-ons again.

What is the result?


According to my colleague, that reduced functionality is due to Windows and not to ComboFix itself.

OK, we'll make another attempt with ComboFix.

Open the file CFScript.txt

Replace its contents with the bold text below.

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

Firefox::

FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitasuperfiles');

user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '2');

Save the file and close the Notepad window

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix run again. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message


Normally the file CFScript.txt should be on your desktop.

If it isn't there, we'll simply create a new one.

Open a new Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

Firefox::

FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitasuperfiles');

user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '2');

Save this file on your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix run again. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message

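The Firefox:: section of the CFScript in the two posts above asks ComboFix to remove the extensions.dealply.* lines from the profile's prefs.js. The script below does the same by hand, as an added example written for this page (not ComboFix's code and not something from the thread): it filters the matching user_pref lines, keeps a backup copy, and reports which keys it removed. The profile path and key prefix are parameters, and the prefs.js content is constructed for the example from the keys listed in the CFScript. Two caveats a practitioner would want: Firefox rewrites prefs.js from its in-memory prefs when it exits, so this has to run with Firefox closed or the edit is undone; and these lines are only the extension's stored settings, so the add-on itself still has to go through the add-ons manager, as the helper asks above.

```python
"""Strip an extension's leftover user_pref lines from a Firefox prefs.js.

Added example for this page, not ComboFix's code: it does by hand what the
Firefox:: section of the CFScript above asks ComboFix to do, keeps a backup,
and reports the keys it removed. Run it with Firefox closed: Firefox rewrites
prefs.js from its in-memory prefs on exit and would undo the edit.
"""
import re
import shutil
import tempfile
from pathlib import Path

# Matches the start of a user_pref line in either quoting style (prefs.js uses
# double quotes; ComboFix prints the same lines with single quotes).
PREF_LINE = re.compile(r"""^user_pref\((['"])(?P<key>[^'"]+)\1""")

# Constructed sample prefs.js for this example: the dealply keys are the ones
# listed in the CFScript above; the other two lines stand in for normal prefs.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.nl/");
user_pref("extensions.dealply.partner", "vita");
user_pref("extensions.dealply.channel", "vitasuperfiles");
user_pref("extensions.dealply.installId", "v23500235515865632970452012022411295722");
user_pref("extensions.dealply.installIdSource", "inst");
user_pref("extensions.dealply.sampleGroup", "2");
user_pref("network.cookie.cookieBehavior", 0);
"""


def strip_prefs(text, prefixes):
    """Return (cleaned_text, removed_keys) with matching user_pref lines dropped."""
    prefixes = tuple(prefixes)
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        m = PREF_LINE.match(line)
        if m and m.group("key").startswith(prefixes):
            removed.append(m.group("key"))
        else:
            kept.append(line)  # everything else, comments included, is left untouched
    return "".join(kept), removed


def clean_profile_prefs(profile_dir, prefixes, backup_suffix=".bak"):
    """Rewrite <profile_dir>/prefs.js without the matching prefs; return removed keys.

    A copy of the original is left beside it (prefs.js.bak) so the change can be
    reverted; nothing is written when no line matched.
    """
    prefs = Path(profile_dir) / "prefs.js"
    original = prefs.read_text(encoding="utf-8")
    cleaned, removed = strip_prefs(original, prefixes)
    if removed:
        shutil.copy2(prefs, prefs.with_name(prefs.name + backup_suffix))
        prefs.write_text(cleaned, encoding="utf-8")
    return removed


def demo_on_temp_profile():
    """Exercise clean_profile_prefs on a throwaway profile built from SAMPLE_PREFS.

    Returns (removed_keys, backup_matches_original, prefs_js_after_cleanup).
    """
    with tempfile.TemporaryDirectory() as tmp:
        prefs = Path(tmp) / "prefs.js"
        prefs.write_text(SAMPLE_PREFS, encoding="utf-8")
        removed = clean_profile_prefs(tmp, ["extensions.dealply."])
        backup_ok = prefs.with_name("prefs.js.bak").read_text(encoding="utf-8") == SAMPLE_PREFS
        return removed, backup_ok, prefs.read_text(encoding="utf-8")


if __name__ == "__main__":
    removed_keys, backup_intact, after = demo_on_temp_profile()
    print("removed:", removed_keys)
    print("backup intact:", backup_intact)
    print(after)
```

On a real machine the call is clean_profile_prefs(r"c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default", ["extensions.dealply."]) with Firefox closed; the profile path is the one ComboFix reported in the log above. Checking the add-ons list afterwards, as the helper asks, is still the only way to confirm the extension itself is gone.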

Had trouble getting ComboFix started.

At first, dragging it from Notepad wouldn't work.

ComboFix 12-03-04.02 - Wilma 11-03-2012 10:43:26.7.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4504 [GMT 1:00]

Started from: d:\gebruikers\Wilma\Desktop\ComboFix.exe

Command switches used :: d:\gebruikers\Wilma\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- REDUCED FUNCTIONALITY MODE -

.

.

(((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 ))))))))))))))))))))))))))))))

.

.

2012-03-11 09:44 . 2012-03-11 09:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-11 08:47 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E506373-FD9D-498A-A0BB-7CCDE1BD153E}\mpengine.dll

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\users\Wilma\AppData\Roaming\Malwarebytes

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\programdata\Malwarebytes

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-05 20:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-04 22:22 . 2012-03-04 22:22 -------- d-----w- c:\users\Wilma\AppData\Roaming\NeroDigital

2012-02-26 20:19 . 2012-03-02 12:20 -------- d-----w- c:\programdata\boost_interprocess

2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\programdata\UAB

2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\users\Wilma\AppData\Local\PC_Drivers_Headquarters

2012-02-26 18:17 . 2012-02-26 18:17 -------- d-----w- c:\program files (x86)\Driver Whiz

2012-02-25 10:24 . 2011-07-13 12:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys

2012-02-25 10:24 . 2011-07-13 12:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys

2012-02-25 10:23 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-02-24 11:00 . 2012-02-24 11:00 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-24 11:00 . 2012-02-24 11:00 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-02-24 10:30 . 2012-02-16 15:12 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll

2012-02-23 14:31 . 2012-02-16 15:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-02-23 14:31 . 2012-02-16 10:41 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-02-23 14:31 . 2012-02-16 10:41 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-02-23 14:31 . 2012-02-16 10:41 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-02-16 08:49 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 08:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-16 08:49 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 08:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-16 08:49 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 08:49 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-16 08:49 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 08:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 11:00 . 2010-06-13 11:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-24 10:27 . 2012-01-09 09:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-16 12:01 . 2010-06-13 11:23 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-10 09:31 . 2012-02-10 09:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A29FD7B2-02AD-414C-A482-4CA68456EBB4}\gapaengine.dll

2012-02-08 07:13 . 2011-06-16 07:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 12:44 . 2010-06-01 16:20 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-06_12.38.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-03 08:16 . 2012-03-11 09:47 56982 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-11 09:47 32316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-06-01 16:33 . 2012-03-11 09:47 12578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198332262-1327379940-2121351170-1001_UserData.bin

- 2010-06-01 16:02 . 2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-01 16:02 . 2012-03-10 15:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-06-01 16:02 . 2012-03-06 08:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-06-01 16:02 . 2012-03-10 15:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-10 15:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-11 09:45 . 2012-03-11 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-11 09:45 . 2012-03-11 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 09:16 . 2012-03-06 07:31 706604 c:\windows\system32\perfh013.dat

+ 2009-07-14 09:16 . 2012-03-11 08:41 706604 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-03-06 07:31 621036 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-11 08:41 621036 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2012-03-11 08:41 135626 c:\windows\system32\perfc013.dat

- 2009-07-14 09:16 . 2012-03-06 07:31 135626 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-03-11 08:41 108256 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-03-06 07:31 108256 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-03-11 09:44 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-06 12:36 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-05 23:58 . 2012-03-09 04:43 1440732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-12288.dat

+ 2010-07-14 22:44 . 2012-03-11 09:44 28937832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat

+ 2011-06-27 22:26 . 2012-03-11 09:44 26418768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-07-15 1485096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Camera Monitor HD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-8-30 541976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]

R2 nlsX86cc;Nalpeiron Licensing Service; [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2010-06-13 44088]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-10 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-01 10:18]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001Core.job

- c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001UA.job

- c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45]

.

2012-03-11 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-07 08:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\SYSTEM32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: microsoft.com\oas.support

Trusted Zone: microsoft.com\support

Trusted Zone: nero.com

TCP: DhcpNameServer = 192.168.2.254

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitasuperfiles');

user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '2');

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

.

**************************************************************************

.

Voltooingstijd: 2012-03-11 10:51:53 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-11 09:51

ComboFix2.txt 2012-03-10 09:11

ComboFix3.txt 2012-03-08 11:35

ComboFix4.txt 2012-03-06 18:10

ComboFix5.txt 2012-03-11 09:42

.

Pre-Run: 19.861.708.800 bytes beschikbaar

Post-Run: 19.909.300.224 bytes beschikbaar

.

- - End Of File - - 7ADA361EC0C0A585589A0468A934B6AA

I get this message when ComboFix is started.
