Mystart incredibar

[Bartbart]

Hier is het txt bestand van Combofix.

ComboFix 12-07-10.01 - Bart 10-07-2012 22:19:49.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.5611.4058 [GMT 2:00]

Gestart vanuit: c:\users\Bart\Desktop\ComboFix.exe

AV: Norman Security Suite *Disabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}

FW: Norman Security Suite *Enabled* {E8034BA5-6C9C-91E7-BFF5-AAF12796A11A}

SP: Norman Security Suite *Disabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))

.

.

2012-07-10 21:12 . 2012-07-10 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-10 10:01 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B926EC52-C3D6-452B-83B8-18374AA13D75}\mpengine.dll

2012-07-09 19:48 . 2012-07-09 19:48 388096 ----a-r- c:\users\Bart\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-09 19:48 . 2012-07-09 19:48 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-09 19:27 . 2012-07-09 19:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-09 19:27 . 2012-07-09 19:27 -------- d-----w- c:\windows\system32\Macromed

2012-07-09 11:44 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-07-06 12:02 . 2012-07-06 12:02 -------- d-----w- c:\users\Bart\AppData\Local\WMTools Downloaded Files

2012-07-06 11:59 . 2012-07-06 11:59 -------- d-----w- c:\program files (x86)\Perion

2012-07-06 11:59 . 2012-07-06 11:59 447 ----a-w- C:\user.js

2012-07-04 19:54 . 2012-06-27 12:42 57440 ----a-w- c:\windows\system32\drivers\nvcv64mf.sys

2012-06-23 10:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 10:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 10:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 10:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 10:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 10:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 10:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 10:39 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 10:39 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 18:43 . 2012-06-20 18:43 -------- d-----w- c:\windows\nl

2012-06-20 18:40 . 2012-06-20 18:40 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-20 18:37 . 2012-06-20 18:37 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b02459e41cd4f1302\MeshBetaRemover.exe

2012-06-20 18:37 . 2012-06-20 18:37 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af6749d21cd4f1301\DSETUP.dll

2012-06-20 18:37 . 2012-06-20 18:37 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af6749d21cd4f1301\DXSETUP.exe

2012-06-20 18:37 . 2012-06-20 18:37 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af6749d21cd4f1301\dsetup32.dll

2012-06-20 18:33 . 2012-07-06 14:38 -------- d-----w- c:\users\Bart\AppData\Roaming\vlc

2012-06-20 18:31 . 2012-06-20 18:31 -------- d-----w- c:\program files (x86)\VideoLAN

2012-06-20 18:26 . 2012-07-06 10:40 -------- d-----w- c:\users\Bart\AppData\Local\Windows Live

2012-06-14 07:18 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 07:18 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-09 19:27 . 2011-08-08 01:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-07 18:19 . 2012-05-07 18:20 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-07 18:19 . 2012-05-07 18:20 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-16 14:37 . 2012-04-16 14:37 676968 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2012-04-16 14:37 . 2012-04-16 14:37 74344 ----a-w- c:\windows\system32\RtNicProp64.dll

2012-04-16 14:37 . 2011-11-24 23:51 107624 ----a-w- c:\windows\system32\RTNUninst64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerSuite"="c:\progra~2\Uniblue\POWERS~1\launcher.exe" [2011-11-01 67448]

"Spotify"="c:\users\Bart\AppData\Roaming\Spotify\Spotify.exe" [2012-06-28 7609560]

"Spotify Web Helper"="c:\users\Bart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-28 1192664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-27 168504]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]

"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2012-02-14 348560]

"PrintServer Diagnostic"="c:\program files (x86)\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ezSharedSvc;Easybits Services for Windows; [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 257224]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv64mf.sys [2012-06-27 57440]

R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\Bin\nvcoas.exe [2012-06-28 287312]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]

S1 ALE_NF;Norman Network Filter ALE driver;c:\windows\system32\drivers\ale_nf64.sys [2011-12-02 108864]

S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2012-01-03 3854000]

S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs64.sys [2011-07-12 22368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-06 204288]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NHS;Norman Hash Server;c:\program files\Norman\Nvc\bin\nhs.exe [2012-05-10 793520]

S2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\Nnf.exe [2011-11-14 231216]

S2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\npf\bin\npfsvc32.exe [2012-05-14 356904]

S2 npsvc32;Norman Privacy Service;c:\program files\Norman\Npt\Bin\Npsvc32.exe [2011-09-14 475864]

S2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec64.sys [2011-11-11 63032]

S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2011-10-19 100936]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-03-22 95248]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 NIG;Norman Intrusion Guard;c:\program files\Norman\nig\bin\nigsvc32.exe [2012-05-16 373424]

S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\NSESVC.EXE [2011-03-08 423752]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-04-16 676968]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-05-18 1145448]

S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2011-04-11 148240]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 19:27]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786748652-1491603511-2012280350-1001Core.job

- c:\users\Bart\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 14:03]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786748652-1491603511-2012280350-1001UA.job

- c:\users\Bart\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 14:03]

.

2012-06-15 c:\windows\Tasks\HPCeeScheduleForBart.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-17 525312]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\SYSTEM32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Norman\Npm\Bin\elogsvc.exe

c:\program files\Norman\Npm\Bin\Zanda.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Norman\Npm\Bin\Njeeves.exe

c:\progra~2\Uniblue\POWERS~1\powersuite.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-10 23:50:48 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-10 21:50

.

Pre-Run: 393.741.422.592 bytes beschikbaar

Post-Run: 393.509.588.992 bytes beschikbaar

.

- - End Of File - - AF75FEDE23DE5DD3E81694461AE4974A

[kape]

Typ in het zoekvak bij Start de opdracht regedit. Dan ga je naar het register van de PC. Speur daar via "zoeken" naar MyStart en Incredibar. Alle sleutels waar je één van beiden kan vinden, mag je meteen verwijderen.

[Bartbart]

Ik heb alles verwijderd maar Incredibar start nog steeds op.

[kape]

Zoek ook dit {336D0C35-8A85-403a-B9D2-65C292C39087} nog eens op in het register. En verwijderen waar gevonden.

[Bartbart]

Ik heb {336D0C35-8A85-403a-B9D2-65C292C39087} gevonden in regedit maar krijg een foutmelding als ik dit wil verwijderen.

[kape]

Ik heb {336D0C35-8A85-403a-B9D2-65C292C39087} gevonden in regedit maar krijg een foutmelding als ik dit wil verwijderen.

Kijk dan eens in het openstaande mapje in de linkerkolom en pas daar de eigenschappen aan van Permissions-Machtigingen -> Special/Speciale Machtigingen -> Full Control/Volledig Beheer. En probeer eens of verwijderen dan wél lukt ?

[Bartbart]

Ik kan daar het vakje met Speciale Machtingen niet aankruisen.

[crockysam]

Je moet regedit starten met Administrator rechten.

Dat doe je door regedit te typen en ipv op ENTER te duwen, duw je op Ctrl+Shift+Enter om het te starten ;-)

[Bartbart]

Het werkt nog steeds niet ik alles geprobeerd maar het lukt me nog steeds niet om deze sleutel te verwijderen.

[kape]

Het werkt nog steeds niet ik alles geprobeerd maar het lukt me nog steeds niet om deze sleutel te verwijderen.

Kan je dan eens de volledige sleutel hier neerzetten : bvb. te beginnen bij HKLM -> en zo verder -> tot {336D0C35-8A85-403a-B9D2-65C292C39087}.

En heb je deze cijfercode slechts 1 keer aangetroffen in je register of meerdere keren ? Indien meer, zet dan alle volledige sleutels in je volgende bericht.