hallo, na een aantal online scanners krijg ik deze er niet af,win32/sirefef.EZ.trojan
ik heb combofix opgestart en krijg deze log:
ComboFix 12-06-16.02 - Wim 17/06/2012 23:07:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2046.1294 [GMT 2:00]
Gestart vanuit: c:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\PostBuild.exe
c:\documents and settings\Wim\Application Data\Hyny
c:\documents and settings\Wim\Application Data\Hyny\azko.eso
c:\documents and settings\Wim\Application Data\PriceGong
c:\documents and settings\Wim\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\4488.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\459.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\6174.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Wim\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Wim\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Wim\WINDOWS
c:\windows\IsUn0413.exe
c:\windows\system\Comdlg32.dll
c:\windows\unin0413.exe
K:\autorun.inf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-17 to 2012-06-17 ))))))))))))))))))))))))))))))
.
.
2012-06-17 19:13 . 2012-06-17 19:13 -------- d-----w- c:\program files\ESET
2012-06-17 12:54 . 2012-06-17 12:54 35904 ----a-w- c:\windows\system32\drivers\obsywtlh.sys
2012-06-17 09:10 . 2012-06-17 10:19 -------- d-----w- C:\mijn documenten
2012-06-17 08:26 . 2012-06-17 08:29 -------- d-----w- C:\temp
2012-06-17 08:01 . 2012-06-17 20:33 -------- d--h--r- c:\documents and settings\Wim\Onlangs geopend
2012-06-17 08:00 . 2012-06-17 20:51 -------- d-----w- C:\Downloads
2012-06-16 21:28 . 2012-06-17 07:54 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-16 21:28 . 2012-06-14 22:17 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-06-15 15:13 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 17:39 . 2012-03-31 19:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 17:39 . 2011-05-22 17:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2008-04-15 10:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-04-15 10:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2008-04-15 10:00 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2008-04-15 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2008-04-15 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2008-04-15 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2008-04-15 10:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 22:11 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2011-03-31 14:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 08:21 . 2012-04-20 08:21 786416 ----a-w- c:\program files\install_reader10_nl_gtba_aih.exe
2012-04-20 08:17 . 2012-04-20 08:17 211537920 ----a-w- C:\LibO_3.5.2_Win_x86_install_multi.msi
2012-06-14 22:19 . 2012-06-17 07:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-15 110592]
RaConfig2500.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2011-3-31 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-02-02 01:44 3329824 ----a-w- c:\documents and settings\Wim\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
2004-07-20 16:18 90112 ----a-w- c:\windows\Dit.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Wim\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/04/2011 12:17 685816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [1/03/2012 22:13 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [31/03/2011 20:18 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31/03/2011 20:18 337880]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 12:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2011 20:18 20696]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [8/04/2011 21:30 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [8/04/2011 21:30 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [8/04/2011 21:30 8864]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/02/2005 15:02 666368]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12/05/2005 14:39 1287296]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [31/03/2011 19:50 44368]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/04/2011 10:59 47360]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [31/03/2011 19:45 19928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2012 17:46 136176]
S2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [8/04/2011 21:30 8012]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 21:00 257224]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [31/03/2011 18:42 17408]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2012 17:46 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [16/06/2012 23:28 113120]
S3 obsywtlh;Vba32 Armour Driver;c:\windows\system32\drivers\obsywtlh.sys [17/06/2012 14:54 35904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
HPService REG_MULTI_SZ HPSLPSVC
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:39]
.
2011-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-12-24 c:\windows\Tasks\debutDowngrade.job
- c:\program files\NCH Software\Debut\debut.exe [2011-10-19 17:57]
.
2011-12-10 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2011-10-19 17:57]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:45]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:45]
.
2012-05-27 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-10-19 17:57]
.
2011-10-30 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-10-19 17:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Wim\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
FF - ProfilePath - c:\documents and settings\Wim\Application Data\Mozilla\Firefox\Profiles\4f17pz89.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Explorer_Run-5975 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.exe
Notify-avldr - avldr.dll
AddRemove-8461-7759-5462-8226 - f:\wim docs\uninstall.exe
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0413.EXE
AddRemove-KeyStat - c:\windows\unin0413.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-17 23:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,fe,ff,41,43,28,34,49,b8,42,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,fe,ff,41,43,28,34,49,b8,42,40,\
.
[HKEY_USERS\S-1-5-21-299502267-1454471165-1606980848-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,8f,e1,b2,e0,84,28,d8,88,95,5f,4b,38,40,7e,24,d4,5e,44,6c,1a,c1,91,
8d,69,2d,20,8d,02,89,eb,5b,d5,74,3e,11,63,a5,f5,c6,2d,28,ea,42,fd,d1,67,aa,\
"??"=hex:64,ab,d2,5b,f6,f0,54,20,02,fe,d0,fc,c3,f7,6f,bd
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2012-06-17 23:17:20
ComboFix-quarantined-files.txt 2012-06-17 21:17
.
Pre-Run: 4.951.744.512 bytes beschikbaar
Post-Run: 38.688.768.000 bytes beschikbaar
.
- - End Of File - - 7D59E3AB542C9142E04829034636CFE1
ik weet niet wat ik verder dien te doen , wie wil er mij met dit helpen alvast hartelijk dank
