-
IA store icon/foutmelding internet explorer & outlook/
OS: windows 7 (64)
- reeds gescand met AVG (geen infecties gevonden)
- malware: 3 infecties gevonden en verwijderd
PS: in normale modus werkt outlook niet, kan er niets gedownload worden (executives functioneren niet), in veilige modus echter werkt outlook wel, alsook de meeste downloads.
bij opstart windows, foutmelding: IA Stor icon has stopped working. Vervolgens bij opstart internet explorer: a computer program has corrupted your default search setting for internet explorer. Internet Explorer has reset this setting to your original search provider (http://www.bing.com) Internet Explorer will now open Search settings, where you can change this setting or install more search providers:
Malwarebytes' Anti-Malware log:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Databaseversie: v2012.01.06.02
Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 9.0.8112.16421
Fluxys :: HOME874C87 [administrator]
06/01/2012 18:55:32
mbam-log-2012-01-06 (18-55-32).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 175762
Verstreken tijd: 2 minuut/minuten,
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:50:33, on 06/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Fluxys\AppData\Local\Temp\HouseCall32\housecall.bin
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2010/11/05 21:10:50 (CLKMSVC10_C6F09094) - CyberLink - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13231 bytes
-
Hijack Mod
Download ComboFix van één van deze locaties:
Link 1
Link 2
* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.
1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.
* (hier of hier staat een handleiding over hoe je deze kan uitschakelen: )
2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.
* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.
5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
-
ComboFix 12-01-06.01 - Fluxys 06/01/2012 19:57:09.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16343.14779 [GMT 1:00]
Running from: c:\users\Fluxys\Desktop\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fluxys\AppData\Roaming\inst.exe
c:\users\Fluxys\AppData\Roaming\vso_ts_preview.xml
c:\users\Fluxys\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-06 19:01 . 2012-01-06 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-06 18:58 . 2012-01-06 18:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78A652E6-7C52-40D5-AFB7-AE6AD03EF040}\offreg.dll
2012-01-06 17:36 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-01-06 17:07 . 2012-01-06 17:07 -------- d--h--w- c:\programdata\Common Files
2012-01-06 17:05 . 2012-01-06 17:05 13048 ----a-w- c:\windows\system32\avgrssta.dll
2012-01-06 17:03 . 2012-01-06 17:03 388096 ----a-r- c:\users\Fluxys\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-06 17:03 . 2012-01-06 17:03 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-06 16:52 . 2012-01-06 16:52 -------- d-----w- C:\$AVG
2012-01-06 16:52 . 2012-01-06 17:05 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-06 16:52 . 2012-01-06 17:05 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-01-06 16:52 . 2012-01-06 17:05 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-01-06 16:52 . 2012-01-06 17:05 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-01-06 16:52 . 2012-01-06 16:52 -------- d-----w- c:\windows\system32\drivers\Avg
2012-01-06 16:51 . 2012-01-06 16:51 -------- d-----w- c:\programdata\avg9
2012-01-06 16:51 . 2012-01-06 16:51 -------- d-----w- c:\program files (x86)\AVG
2012-01-06 12:55 . 2012-01-06 12:55 -------- d-----w- c:\users\Fluxys\AppData\Roaming\Malwarebytes
2012-01-06 12:55 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-05 23:51 . 2012-01-05 23:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-05 23:47 . 2012-01-05 23:47 -------- d-----w- c:\users\Fluxys\AppData\Roaming\F-Secure
2012-01-05 19:19 . 2012-01-06 17:03 -------- d-----w- C:\temp
2012-01-03 20:36 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78A652E6-7C52-40D5-AFB7-AE6AD03EF040}\mpengine.dll
2012-01-02 14:08 . 2012-01-02 14:16 -------- d-----w- c:\programdata\iolo
2012-01-02 10:46 . 2012-01-02 11:24 42672 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2012-01-02 10:45 . 2012-01-06 00:02 -------- d-----w- c:\program files (x86)\Telenet Security Pack
2012-01-02 10:43 . 2012-01-02 10:45 -------- d-----w- c:\programdata\fssg
2012-01-02 10:43 . 2012-01-06 00:01 -------- d-----w- c:\programdata\f-secure
2012-01-02 10:37 . 2012-01-06 12:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-02 10:37 . 2012-01-02 10:37 -------- d-----w- c:\programdata\Malwarebytes
2012-01-01 13:54 . 2012-01-06 16:26 -------- d-----w- c:\users\Fluxys\AppData\Local\ElevatedDiagnostics
2012-01-01 13:23 . 2008-05-07 18:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2011-12-26 15:08 . 2011-12-26 15:08 -------- d-----w- c:\program files (x86)\VirtualDJ
2011-12-26 14:31 . 2011-12-26 14:31 -------- d-----w- c:\program files\iPod
2011-12-26 14:31 . 2011-12-26 14:32 -------- d-----w- c:\program files\iTunes
2011-12-26 14:31 . 2011-12-26 14:32 -------- d-----w- c:\program files (x86)\iTunes
2011-12-14 15:54 . 2011-12-14 15:54 -------- d-----w- c:\windows\SysWow64\siscardplugins
2011-12-14 15:47 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 15:47 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 15:47 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 15:47 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 15:47 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 15:47 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 11:39 . 2011-05-17 16:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-01-05 18:52 . 2011-05-17 16:34 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-03 20:36 . 2011-05-17 16:34 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 11:29 . 2011-05-19 15:27 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-04 12:35 . 2011-12-04 12:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-04 12:35 . 2011-12-04 12:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-19 18:42 . 2011-11-19 18:42 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-11-19 18:42 . 2011-11-19 18:42 82816 ----a-w- c:\users\Fluxys\AppData\Roaming\pcouffin.sys
2011-11-15 13:29 . 2010-11-24 08:25 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 04:54 . 2011-04-26 16:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-04 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-06 2076512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2012-01-06 308136]
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/05 21:10;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
R3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 19:20]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 19:20]
.
2012-01-05 c:\windows\Tasks\HPCeeScheduleForFluxys.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{5FA94B92-692D-4F39-B72B-3E89CC89FB3F}.job
- c:\windows\system32\msfeedssync.exe [2011-06-01 07:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Fluxys\AppData\Roaming\Mozilla\Firefox\Profiles\bq9wnmer.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1983625899-2747462429-1117706802-1000_Classes\Wow6432Node\CLSID\{3d29161d-c71a-43cf-bc38-56e9cc43b8e7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a1
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,c3,4d,9e,47,61,a7,8f,c3,c6,d9,0d,66,8a,e8,c0,2b,79,a9,95,8c,a1,17,\
.
[HKEY_USERS\S-1-5-21-1983625899-2747462429-1117706802-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):04,46,00,37,9b,56,b5,26,24,b3,9e,2f,49,cb,3d,71,37,67,d2,fb,98,
97,5b,e5,a0,a8,1f,6f,ca,e5,ac,44,87,ad,43,1c,4f,8a,20,cb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-06 20:02:26
ComboFix-quarantined-files.txt 2012-01-06 19:02
.
Pre-Run: 26.930.274.304 bytes free
Post-Run: 26.872.594.432 bytes free
.
- - End Of File - - 47F7C32DF9B1E83A88EEEAA87C5CE24C
-
-
Hijack Mod
plaats het in delen het zal te groot zijn.
-
-
-
Hijack Mod
Hoe staat het met de problemen ?
-
Geen verandering 
nog altijd dezelfde problemen.
-
-
Emsisoft Emergency Kit - Version 1.0
Last update: 1/7/2012 2:39:55 PM
Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, A:\, B:\, C:\, M:\, R:\
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan start: 1/7/2012 2:40:26 PM
C:\Users\Fluxys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\93PC0JZR\178a06621982ba841d960227379a522c[1].js detected: Trojan.JS.IFrame!IK
C:\Users\Fluxys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\93PC0JZR\1a05f83fe7b8807168d30bff5ce36f3a[1].js detected: Trojan.JS.IFrame!IK
C:\Users\Fluxys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\93PC0JZR\1d054719c86f05ba4b01f1e8d766f257[1].js detected: Trojan.JS.IFrame!IK
C:\Users\Fluxys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U89R3IUS\3c3ecb71da4b216531f26f46695db96b[1].js detected: Trojan.JS.IFrame!IK
C:\Users\Fluxys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\142a0a83-1e1bff97/eval_c.class detected: Exploit.Java.CVE-2010!IK
Scanned
Files: 311845
Traces: 403649
Cookies: 89
Processes: 24
Found
Files: 5
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0
Scan end: 1/7/2012 4:48:31 PM
Scan time: 2:08:05
C:\Users\Fluxys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\142a0a83-1e1bff97/eval_c.class Deleted Exploit.Java.CVE-2010!IK
C:\Users\Fluxys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\93PC0JZR\178a06621982ba841d960227379a522c[1].js Deleted Trojan.JS.IFrame!IK
C:\Users\Fluxys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\93PC0JZR\1a05f83fe7b8807168d30bff5ce36f3a[1].js Deleted Trojan.JS.IFrame!IK
C:\Users\Fluxys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\93PC0JZR\1d054719c86f05ba4b01f1e8d766f257[1].js Deleted Trojan.JS.IFrame!IK
C:\Users\Fluxys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U89R3IUS\3c3ecb71da4b216531f26f46695db96b[1].js Deleted Trojan.JS.IFrame!IK
Deleted
Files: 5
Traces: 0
Cookies: 0
-
Nog steeds dezelfde problemen na opnieuw opstarten van de computer.
-
Hijack Mod
Update Combofix en start het opnieuw, plaats die nieuwe uitslag.
-
ComboFix 12-01-06.03 - Fluxys 07/01/2012 19:19:49.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16343.14289 [GMT 1:00]
Running from: c:\users\Fluxys\Desktop\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 18:23 . 2012-01-07 18:23 -------- d-----w- c:\users\Fluxys\AppData\Local\temp
2012-01-07 18:23 . 2012-01-07 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-07 13:10 . 2012-01-07 13:10 -------- d-----w- c:\windows\SysWow64\drivers\avg
2012-01-06 17:36 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-01-06 17:07 . 2012-01-06 17:07 -------- d--h--w- c:\programdata\Common Files
2012-01-06 17:05 . 2012-01-06 17:05 13048 ----a-w- c:\windows\system32\avgrssta.dll
2012-01-06 17:03 . 2012-01-06 17:03 388096 ----a-r- c:\users\Fluxys\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-06 17:03 . 2012-01-06 17:03 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-06 16:52 . 2012-01-06 16:52 -------- d-----w- C:\$AVG
2012-01-06 16:52 . 2012-01-06 17:05 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-06 16:52 . 2012-01-06 17:05 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-01-06 16:52 . 2012-01-07 13:10 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-01-06 16:52 . 2012-01-07 13:17 -------- d-----w- c:\windows\system32\drivers\Avg
2012-01-06 16:52 . 2012-01-06 17:05 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-01-06 16:51 . 2012-01-06 16:51 -------- d-----w- c:\programdata\avg9
2012-01-06 16:51 . 2012-01-06 16:51 -------- d-----w- c:\program files (x86)\AVG
2012-01-06 12:55 . 2012-01-06 12:55 -------- d-----w- c:\users\Fluxys\AppData\Roaming\Malwarebytes
2012-01-06 12:55 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-05 23:51 . 2012-01-05 23:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-05 23:47 . 2012-01-05 23:47 -------- d-----w- c:\users\Fluxys\AppData\Roaming\F-Secure
2012-01-05 19:19 . 2012-01-06 17:03 -------- d-----w- C:\temp
2012-01-03 20:36 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78A652E6-7C52-40D5-AFB7-AE6AD03EF040}\mpengine.dll
2012-01-02 14:08 . 2012-01-02 14:16 -------- d-----w- c:\programdata\iolo
2012-01-02 10:46 . 2012-01-02 11:24 42672 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2012-01-02 10:45 . 2012-01-06 00:02 -------- d-----w- c:\program files (x86)\Telenet Security Pack
2012-01-02 10:43 . 2012-01-02 10:45 -------- d-----w- c:\programdata\fssg
2012-01-02 10:43 . 2012-01-06 00:01 -------- d-----w- c:\programdata\f-secure
2012-01-02 10:37 . 2012-01-06 12:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-02 10:37 . 2012-01-02 10:37 -------- d-----w- c:\programdata\Malwarebytes
2012-01-01 13:54 . 2012-01-06 16:26 -------- d-----w- c:\users\Fluxys\AppData\Local\ElevatedDiagnostics
2012-01-01 13:23 . 2008-05-07 18:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2011-12-26 15:08 . 2011-12-26 15:08 -------- d-----w- c:\program files (x86)\VirtualDJ
2011-12-26 14:31 . 2011-12-26 14:31 -------- d-----w- c:\program files\iPod
2011-12-26 14:31 . 2011-12-26 14:32 -------- d-----w- c:\program files\iTunes
2011-12-26 14:31 . 2011-12-26 14:32 -------- d-----w- c:\program files (x86)\iTunes
2011-12-14 15:54 . 2011-12-14 15:54 -------- d-----w- c:\windows\SysWow64\siscardplugins
2011-12-14 15:47 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 15:47 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 15:47 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 15:47 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 15:47 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 15:47 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 15:57 . 2011-05-17 16:34 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-07 15:57 . 2011-05-19 15:27 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-06 11:39 . 2011-05-17 16:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-01-03 20:36 . 2011-05-17 16:34 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-04 12:35 . 2011-12-04 12:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-04 12:35 . 2011-12-04 12:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-19 18:42 . 2011-11-19 18:42 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-11-19 18:42 . 2011-11-19 18:42 82816 ----a-w- c:\users\Fluxys\AppData\Roaming\pcouffin.sys
2011-11-15 13:29 . 2010-11-24 08:25 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 04:54 . 2011-04-26 16:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-06_19.01.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-24 08:03 . 2012-01-07 18:07 64724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-07 18:07 37044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-06 12:05 . 2012-01-07 18:07 14016 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1983625899-2747462429-1117706802-1000_UserData.bin
- 2010-11-06 04:01 . 2012-01-06 16:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-06 04:01 . 2012-01-06 19:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-06 04:01 . 2012-01-06 19:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-06 04:01 . 2012-01-06 16:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-06 16:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-06 19:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-07 15:57 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-07 18:05 . 2012-01-07 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-06 18:54 . 2012-01-06 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-07 18:05 . 2012-01-07 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-06 18:54 . 2012-01-06 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-06 17:35 633972 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-07 18:10 633972 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-07 18:10 112694 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-06 17:35 112694 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-01-06 19:09 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-01-06 16:38 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-01-06 18:53 396348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-07 15:59 396348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-06 12:09 . 2012-01-07 13:30 958460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1983625899-2747462429-1117706802-1000-8192.dat
+ 2011-06-01 20:22 . 2012-01-07 15:59 7844651 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1983625899-2747462429-1117706802-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-04 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-07 2078048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/05 21:10;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
R3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2012-01-06 308136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 19:20]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 19:20]
.
2012-01-05 c:\windows\Tasks\HPCeeScheduleForFluxys.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{5FA94B92-692D-4F39-B72B-3E89CC89FB3F}.job
- c:\windows\system32\msfeedssync.exe [2011-06-01 07:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Fluxys\AppData\Roaming\Mozilla\Firefox\Profiles\bq9wnmer.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1983625899-2747462429-1117706802-1000_Classes\Wow6432Node\CLSID\{3d29161d-c71a-43cf-bc38-56e9cc43b8e7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a1
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,c3,4d,9e,47,61,a7,8f,c3,c6,d9,0d,66,8a,e8,c0,2b,79,a9,95,8c,a1,17,\
.
[HKEY_USERS\S-1-5-21-1983625899-2747462429-1117706802-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):04,46,00,37,9b,56,b5,26,24,b3,9e,2f,49,cb,3d,71,37,67,d2,fb,98,
97,5b,e5,a0,a8,1f,6f,ca,e5,ac,44,87,ad,43,1c,4f,8a,20,cb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-07 19:24:39
ComboFix-quarantined-files.txt 2012-01-07 18:24
ComboFix2.txt 2012-01-06 19:02
.
Pre-Run: 26.226.270.208 bytes free
Post-Run: 26.489.528.320 bytes free
.
- - End Of File - - FA6DCBB96173A4CDF1965F335F8D822A
-
Hijack Mod
Ziet er toch goed uit zo.
Forum Rechten
- Je mag geen nieuwe onderwerpen plaatsen
- Je mag geen reacties plaatsen
- Je mag geen bijlagen toevoegen
- Je mag jouw berichten niet wijzigen
Forum Regels
LinkBack URL
About LinkBacks
Antwoord met Citaat
.jpg)
.jpg)
C:\Windows\system32\DRIVERS\amdsbs.sys
