MyStart/Incredibar (25)

[nineke44]

ComboFix 12-07-02.01 - stadhouders 03-07-2012 23:06:19.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3583.2195 [GMT 2:00]

Gestart vanuit: c:\users\stadhouders\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\stadhouders\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Web Assistant

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Web Assistant\Firefox\chrome.manifest

c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js

c:\program files\Web Assistant\Firefox\chrome\content\main.js

c:\program files\Web Assistant\Firefox\chrome\content\main.xul

c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js

c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd

c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css

c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js

c:\program files\Web Assistant\Firefox\install.rdf

c:\program files\Web Assistant\InstallerHelper.dll

c:\program files\Web Assistant\libraries\DataExchangeScript.js

c:\program files\Web Assistant\resources\localscript.js

c:\program files\Web Assistant\source.crx

c:\program files\Web Assistant\unins000.dat

c:\program files\Web Assistant\unins000.exe

c:\programdata\vsosdk

c:\programdata\vsosdk\F82D4AA2A8F25D9BCC35A1B1EB02C234EC11744703416FC074A17C1AA7595FAE.vsoact

c:\users\stadhouders\AppData\Roaming\{90140011-0062-0413-0000-0000000FF1CE}

c:\users\stadhouders\AppData\Roaming\{90140011-0062-0413-0000-0000000FF1CE}\ffb.xml

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Web Assistant Updater

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-03 to 2012-07-03 ))))))))))))))))))))))))))))))

.

.

2012-07-03 21:15 . 2012-07-03 21:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99FD8148-664E-4A5A-9E1E-53A965D0BCEC}\offreg.dll

2012-07-03 21:15 . 2012-07-03 21:15 -------- d-----w- c:\users\Fam. Stadhouders\AppData\Local\temp

2012-07-01 22:05 . 2012-07-01 22:05 -------- d-----w- c:\users\stadhouders\AppData\Roaming\Malwarebytes

2012-07-01 22:05 . 2012-07-01 22:05 -------- d-----w- c:\programdata\Malwarebytes

2012-07-01 22:05 . 2012-07-01 22:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-01 22:05 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-01 21:27 . 2012-07-01 21:27 -------- d-----w- c:\program files\CCleaner

2012-07-01 21:20 . 2012-07-01 21:20 388096 ----a-r- c:\users\stadhouders\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-01 21:20 . 2012-07-01 21:20 -------- d-----w- c:\program files\Trend Micro

2012-06-29 12:33 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99FD8148-664E-4A5A-9E1E-53A965D0BCEC}\mpengine.dll

2012-06-26 21:59 . 2012-06-26 22:07 -------- d-----w- c:\program files\Lego Batman 2 - DC Super Heroes

2012-06-26 21:50 . 2012-06-26 21:50 -------- d-----w- c:\program files\Toggle Downloader

2012-06-24 14:25 . 2012-06-24 15:24 -------- d-----w- c:\program files\Eidos

2012-06-24 13:00 . 2012-06-25 10:54 -------- d-----w- c:\programdata\POPWWPROFILES

2012-06-24 12:49 . 2003-10-27 13:06 505104 ----a-r- c:\windows\system32\msxml.dll

2012-06-24 12:49 . 2003-10-27 13:06 115016 ----a-r- c:\windows\system32\MSINET.OCX

2012-06-24 12:49 . 2003-10-27 13:06 89360 ----a-r- c:\windows\system32\VB5DB.DLL

2012-06-24 12:49 . 2003-10-27 13:06 69632 ----a-r- c:\windows\system32\xmltok.dll

2012-06-24 12:49 . 2003-10-27 13:06 36864 ----a-r- c:\windows\system32\xmlparse.dll

2012-06-24 12:49 . 2003-10-27 13:06 28432 ----a-r- c:\windows\system32\msxmlr.dll

2012-06-24 12:49 . 2003-10-27 13:06 26096 ----a-r- c:\windows\system32\xmlinst.exe

2012-06-24 12:49 . 2003-10-27 13:06 35840 ----a-r- c:\windows\system32\comdlg32.oca

2012-06-24 12:49 . 2003-10-27 13:06 29184 ----a-r- c:\windows\system32\MSINET.oca

2012-06-24 12:49 . 2003-10-27 13:06 24576 ----a-r- c:\windows\system32\msxml3a.dll

2012-06-24 12:49 . 2003-10-27 13:06 140488 ----a-r- c:\windows\system32\comdlg32.ocx

2012-06-24 12:44 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-06-24 12:44 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-06-24 12:44 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-06-24 12:44 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-06-24 12:44 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-06-24 12:12 . 2012-06-24 12:12 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-06-24 12:12 . 2012-06-24 12:12 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-06-21 08:25 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 08:25 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 08:25 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 08:25 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 08:25 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 08:25 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 08:25 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 08:25 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 08:25 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 17:30 . 2012-06-26 22:09 -------- d-----w- c:\users\stadhouders\AppData\Roaming\Warner Bros. Interactive Entertainment

2012-06-20 17:28 . 2012-06-20 17:28 -------- d-----w- c:\program files\Warner Bros. Interactive Entertainment

2012-06-16 20:28 . 2012-06-16 20:28 -------- d-----w- c:\program files\iPod

2012-06-16 20:28 . 2012-06-16 20:29 -------- d-----w- c:\program files\iTunes

2012-06-14 18:21 . 2012-06-26 21:20 -------- d-----w- c:\users\stadhouders\AppData\Roaming\ImgBurn

2012-06-14 18:20 . 2012-06-14 18:20 -------- d-----w- c:\program files\ImgBurn

2012-06-14 18:07 . 2012-07-03 19:08 -------- d-----w- c:\users\stadhouders\AppData\Roaming\Vso

2012-06-14 18:07 . 2010-02-09 14:37 65602 ----a-w- c:\windows\system32\cook3260.dll

2012-06-14 18:07 . 2010-02-09 14:37 217127 ----a-w- c:\windows\system32\drv43260.dll

2012-06-14 18:07 . 2010-02-09 14:37 208935 ----a-w- c:\windows\system32\drv33260.dll

2012-06-14 18:07 . 2010-02-09 14:37 176165 ----a-w- c:\windows\system32\drv23260.dll

2012-06-14 18:07 . 2010-02-09 14:37 102439 ----a-w- c:\windows\system32\sipr3260.dll

2012-06-14 18:07 . 2010-02-09 14:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2012-06-14 18:07 . 2010-02-09 14:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2012-06-14 18:07 . 2012-06-14 18:07 -------- d-----w- c:\program files\VSO

2012-06-14 18:06 . 2012-06-14 18:06 905307 ----a-w- c:\windows\system32\lnsecsl.exe

2012-06-14 08:32 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-14 08:32 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 08:32 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 08:32 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 08:32 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 08:32 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 08:32 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 08:32 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 08:32 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 08:32 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 20:49 . 2012-06-13 20:49 -------- d-----w- c:\program files\1ClickDownload

2012-06-13 17:35 . 2012-06-13 17:35 -------- d-----w- c:\program files\Common Files\Java

2012-06-13 17:34 . 2012-06-13 17:34 -------- d-----w- c:\program files\Oracle

2012-06-13 17:34 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-10 18:59 . 2012-06-15 10:25 -------- d-----w- c:\programdata\VirtualizedApplications

2012-06-10 16:48 . 2012-06-10 16:48 -------- d-----w- c:\programdata\Virtualized Applications

2012-06-10 16:44 . 2012-06-10 16:49 -------- d-----w- c:\users\stadhouders\AppData\Local\SoftGrid Client

2012-06-10 16:44 . 2012-07-03 20:41 -------- d-----w- c:\users\stadhouders\AppData\Roaming\SoftGrid Client

2012-06-10 16:43 . 2012-06-11 23:00 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2012-06-10 16:43 . 2012-06-25 09:00 -------- d-----w- c:\users\stadhouders\AppData\Roaming\TP

2012-06-09 15:11 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2012-06-09 15:11 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2012-06-09 15:11 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2012-06-09 14:55 . 2012-06-24 13:00 -------- d-----w- c:\program files\Ubisoft

2012-06-09 14:55 . 2012-06-24 14:25 -------- d--h--w- c:\program files\InstallShield Installation Information

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-14 08:28 . 2012-04-19 15:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-14 08:28 . 2012-04-19 15:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-29 18:22 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-04-27 23:17 . 2012-04-27 23:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-20 22:40 . 2012-04-20 22:42 24576 ----a-w- c:\windows\system32\AsIO.dll

2012-04-20 22:40 . 2012-04-20 22:42 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys

2012-04-20 22:40 . 2009-05-13 17:11 6504 ----a-w- c:\windows\system32\drivers\ASACPI.sys

2012-04-20 21:18 . 2012-04-20 21:18 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-04-20 21:18 . 2012-04-20 21:18 161792 ----a-w- c:\windows\system32\msls31.dll

2012-04-20 21:18 . 2012-04-20 21:18 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-04-20 21:18 . 2012-04-20 21:18 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-04-20 21:18 . 2012-04-20 21:18 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-04-20 21:18 . 2012-04-20 21:18 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-04-20 21:18 . 2012-04-20 21:18 367104 ----a-w- c:\windows\system32\html.iec

2012-04-20 21:18 . 2012-04-20 21:18 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-04-20 21:18 . 2012-04-20 21:18 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-04-20 21:18 . 2012-04-20 21:18 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-04-20 21:18 . 2012-04-20 21:18 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-04-20 21:18 . 2012-04-20 21:18 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-04-20 21:18 . 2012-04-20 21:18 152064 ----a-w- c:\windows\system32\wextract.exe

2012-04-20 21:18 . 2012-04-20 21:18 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-04-20 21:18 . 2012-04-20 21:18 11776 ----a-w- c:\windows\system32\mshta.exe

2012-04-20 21:18 . 2012-04-20 21:18 101888 ----a-w- c:\windows\system32\admparse.dll

2012-04-19 17:58 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-19 15:30 . 2012-04-19 15:30 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-03_19.40.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:55 . 2012-07-03 21:18 39818 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-04-19 15:15 . 2012-07-03 21:18 12764 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1697967434-1681607132-3168893933-1001_UserData.bin

- 2012-07-03 17:44 . 2012-07-03 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-03 20:42 . 2012-07-03 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-03 17:44 . 2012-07-03 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-03 20:42 . 2012-07-03 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:47 . 2012-07-03 16:42 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:47 . 2012-07-03 20:41 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-04-19 18:14 . 2012-07-03 20:41 7399948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1697967434-1681607132-3168893933-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-19 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

.

c:\users\stadhouders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1109000.00C\SYMDS.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1109000.00C\SYMEFA.SYS [x]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [x]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1109000.00C\ccHPx86.sys [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20120702.001\IDSvix86.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1109000.00C\Ironx86.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1109000.00C\SYMTDIV.SYS [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 08:28]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-19 21:40]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-19 21:40]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1697967434-1681607132-3168893933-1001Core.job

- c:\users\stadhouders\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 15:37]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1697967434-1681607132-3168893933-1001UA.job

- c:\users\stadhouders\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 15:37]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.rtl.nl/actueel/rtlboulevard/home/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 - c:\program files\Web Assistant\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1697967434-1681607132-3168893933-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1697967434-1681607132-3168893933-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\iPod\bin\iPodService.exe

q:\140062.nld\Office14\ONENOTEM.EXE

c:\program files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-03 23:27:28 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-03 21:27

ComboFix2.txt 2012-07-03 21:04

ComboFix3.txt 2012-07-03 19:49

.

Pre-Run: 712.492.146.688 bytes beschikbaar

Post-Run: 712.592.203.776 bytes beschikbaar

.

- - End Of File - - F605300C00EEC1867C9B4486B8C298F1

[kape]

Hoe staat het nu met MyStart/Incredibar ?

[nineke44]

Volgens mij is het probleem opgelost, heel erg bedankt!! Thank God for whizkids!

Nu heb ik nog het probleem dat ik soms ineens spontaan geluiden hoor op mijn koptelefoon, het lijkt wel van een of andere website. En op youtube zijn er ineens veel meer reclames lijkt het wel. Kan dat ook hiermee te maken hebben? Zal ik hiervoor een nieuw topic openen?

[kape]

Laat ons eerst eens de gebruikte tools en de restjes van de besmetting opruimen. En dan kan je daarna bekijken of de problemen met de "geluiden" en de "reclames" nog steeds aanwezig zijn.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten). In Windows 7

• via Start -> Configuratiescherm -> Systeem & Beveiliging -> Systeem -> Systeembeveiliging -> schakel nu systeemherstel uit door de gewenste schijf te selecteren en op "configureren" te klikken.
  
• Klik nu op "verwijderen" om alle herstelpunten te verwijderen.
  
• Klik op "Toepassen" en "OK".
  
• Herstart nu de PC.
  

Laat dan maar even weten hoe de situatie nu is ?

[nineke44]

Ik heb alles gedaan zoals hierboven omschreven en je hebt gelijk: alle klachten zijn verdwenen! Ik ben heel erg blij dat ik dit forum heb gevonden want als leek krijg je dit natuurlijk never nooit niet voor elkaar. Dank je wel! Mocht ik in de toekomst weer problemen hebben, dan kom ik zeker terug! Nog 1 laatste vraagje: heb je enig idee waar incredibar vandaan komt?

[kape]

MyStart/Incredibar wordt - meestal ongewenst - mee binnengehaald bij het downloaden van andere soorten (gratis) software. Zonder dat je ervan in kennis wordt gesteld, komt dit programma mee en nestelt zich dit op je PC als browser-hijacker.

[nineke44]

Aha, dan weet ik denk ik al waar het vandaan is gekomen, foutje van mijn zoon..... Nogmaals bedankt!