andere pc steeds weer dezelfde problemen??

kape · 2 mei 2011

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\programdata\Partner\Partner.exe

Folder::

C:\32788R22FWJFW

C:\rsit

c:\program files (x86)\AVG

c:\programdata\Partner

Driver::

Partner Service

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

cloclo · 2 mei 2011

AUB ...

ComboFix 11-05-01.04 - aarontristan 02/05/2011 15:20:51.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4078.2656 [GMT 2:00]

Gestart vanuit: c:\users\aarontristan\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\aarontristan\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\Partner\Partner.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\AVG

c:\program files (x86)\AVG\AVG10\Chrome\safesearch.crx

c:\program files (x86)\AVG\AVG10\Firefox4\chrome.manifest

c:\program files (x86)\AVG\AVG10\Firefox4\Chrome\searchshield.jar

c:\program files (x86)\AVG\AVG10\Firefox4\Components\avgssff4.dll

c:\program files (x86)\AVG\AVG10\Firefox4\Components\ISearchShield4.xpt

c:\program files (x86)\AVG\AVG10\Firefox4\install.rdf

c:\programdata\Partner

c:\programdata\Partner\debug.log

c:\programdata\Partner\Partner.exe

c:\programdata\Partner\Partner64.dll

C:\rsit

c:\rsit\info.txt

c:\rsit\log.txt

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Partner Service

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-02 to 2011-05-02 ))))))))))))))))))))))))))))))

.

2011-05-02 13:24 . 2011-05-02 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-02 08:07 . 2011-04-18 17:13 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-02 08:07 . 2011-04-18 17:18 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-02 08:07 . 2011-04-18 17:13 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-02 08:07 . 2011-04-18 17:16 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-02 08:07 . 2011-04-18 17:17 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-02 08:07 . 2011-04-18 17:13 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-02 08:06 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr

2011-05-02 08:06 . 2011-04-18 17:25 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-05-01 19:24 . 2011-05-01 19:26 -------- d-----w- c:\programdata\VirtualizedApplications

2011-05-01 17:13 . 2011-05-01 17:13 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2011-04-28 19:48 . 2011-04-28 19:48 -------- d-----w- c:\users\Public\CyberLink

2011-04-28 15:40 . 2011-04-18 17:25 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-04-27 21:28 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-27 21:28 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-04-26 19:53 . 2011-05-02 08:06 -------- d-----w- c:\programdata\AVAST Software

2011-04-26 19:53 . 2011-04-28 15:40 -------- d-----w- c:\program files\AVAST Software

2011-04-26 09:18 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-26 09:18 . 2011-04-26 09:18 -------- d-----w- c:\programdata\Malwarebytes

2011-04-26 09:18 . 2011-04-26 09:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-04-26 09:18 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-25 18:30 . 2011-04-25 18:30 -------- d-----w- c:\program files\CCleaner

2011-04-25 16:03 . 2011-04-29 08:02 -------- d-----w- c:\program files (x86)\Trend Micro

2011-04-24 17:49 . 2011-04-24 17:49 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-24 17:49 . 2011-04-24 17:49 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-04-24 17:49 . 2011-04-24 17:49 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-24 17:45 . 2011-04-24 17:45 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-04-24 17:45 . 2011-04-24 17:45 367104 ----a-w- c:\windows\system32\atmfd.dll

2011-04-24 17:45 . 2011-04-24 17:45 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-04-24 17:45 . 2011-04-24 17:45 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-04-24 17:43 . 2011-04-24 17:43 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-24 17:43 . 2011-04-24 17:43 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-24 17:43 . 2011-04-24 17:43 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-04-24 17:43 . 2011-04-24 17:43 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-04-24 17:43 . 2011-04-24 17:43 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-24 17:43 . 2011-04-24 17:43 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-24 17:43 . 2011-04-24 17:43 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-24 17:41 . 2011-04-24 17:41 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-24 17:41 . 2011-04-24 17:41 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-04-24 17:41 . 2011-04-24 17:41 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-04-24 17:41 . 2011-04-24 17:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-04-24 17:41 . 2011-04-24 17:41 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-04-24 17:41 . 2011-04-24 17:41 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-04-24 17:41 . 2011-04-24 17:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-04-24 17:39 . 2011-04-24 17:39 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-24 17:38 . 2011-04-24 17:38 80384 ----a-w- c:\windows\SysWow64\davclnt.dll

2011-04-24 17:37 . 2011-04-24 17:37 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-04-24 17:37 . 2011-04-24 17:37 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-04-24 17:37 . 2011-04-24 17:37 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-04-24 17:37 . 2011-04-24 17:37 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-04-24 17:37 . 2011-04-24 17:37 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-04-24 17:37 . 2011-04-24 17:37 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-04-24 17:37 . 2011-04-24 17:37 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-04-24 17:37 . 2011-04-24 17:37 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-04-24 17:37 . 2011-04-24 17:37 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2011-04-24 17:37 . 2011-04-24 17:37 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-04-24 17:33 . 2011-04-24 17:33 294912 ----a-w- c:\windows\system32\browserchoice.exe

2011-04-24 17:26 . 2011-04-24 17:26 -------- d-----w- c:\program files (x86)\IObit

2011-04-24 16:31 . 2011-04-24 16:31 -------- d--h--w- c:\programdata\Common Files

2011-04-24 16:25 . 2011-05-02 06:54 -------- d-----w- c:\programdata\MFAData

2011-04-24 07:25 . 2011-04-28 20:12 -------- d-----w- c:\users\aarontristan

2011-04-24 07:25 . 2011-04-24 07:25 -------- d-----w- c:\program files\PlayReady

2011-04-24 07:25 . 2011-04-24 07:25 -------- d-----w- c:\program files (x86)\Common Files\Protexis

2011-04-24 07:25 . 2011-04-24 07:25 -------- d-----w- c:\programdata\Corel

2011-04-24 07:24 . 2011-04-24 07:24 -------- d-----w- c:\program files (x86)\Common Files\Corel

2011-04-24 07:23 . 2011-04-24 07:23 -------- d-----w- c:\program files (x86)\Corel

2011-04-24 07:23 . 2011-04-24 07:23 -------- d-----w- c:\program files\Google

2011-04-24 07:23 . 2011-04-24 17:05 -------- d-----w- c:\program files (x86)\Google

2011-04-24 07:21 . 2011-04-24 07:21 -------- d-----w- C:\Recovery

2011-04-24 07:21 . 2011-04-24 07:21 -------- d-sh--we C:\Documents and Settings

2011-04-23 21:03 . 2011-04-23 21:03 -------- d-sh--we c:\programdata\Templates

2011-04-23 21:03 . 2011-04-23 21:03 -------- d-sh--we c:\programdata\Start Menu

2011-04-23 20:56 . 2011-04-23 20:56 -------- d-sh--we c:\programdata\Favorites

2011-04-23 20:56 . 2011-04-23 20:56 -------- d-sh--we c:\programdata\Documents

2011-04-23 20:56 . 2011-04-23 20:56 -------- d-sh--we c:\programdata\Desktop

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-24 15:45 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-05-02_07.56.27 )))))))))))))))))))))))))))))))))))))))))

.

- 2011-05-02 07:45 . 2011-05-02 07:45 13378 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2011-05-02 13:24 . 2011-05-02 13:24 13378 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2009-07-14 04:54 . 2011-05-02 06:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-05-02 13:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-05-02 13:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-02 06:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-02 06:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-02 13:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-07-07 16:19 . 2011-05-02 13:12 32654 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-05-02 13:12 65910 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:30 . 2011-05-02 07:44 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-05-02 13:06 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2011-04-24 15:13 . 2011-05-02 13:12 8158 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2630638536-2556421976-747844443-1001_UserData.bin

- 2011-05-02 07:45 . 2011-05-02 07:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-02 13:25 . 2011-05-02 13:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-05-02 07:45 . 2011-05-02 07:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-05-02 13:25 . 2011-05-02 13:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:30 . 2011-05-02 07:44 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-05-02 13:06 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-05-02 13:06 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2011-05-02 07:44 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:01 . 2011-05-02 07:45 232796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-05-02 13:24 232796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-04-24 10:28 . 2011-05-02 07:45 3208440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2630638536-2556421976-747844443-1001-8192.dat

+ 2011-04-24 10:28 . 2011-05-02 13:24 3208440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2630638536-2556421976-747844443-1001-8192.dat

- 2011-04-24 20:36 . 2011-05-02 07:45 5915760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2630638536-2556421976-747844443-1001-4096.dat

+ 2011-04-24 20:36 . 2011-05-02 13:24 5915760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2630638536-2556421976-747844443-1001-4096.dat

+ 2009-07-14 02:34 . 2011-05-02 13:23 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:34 . 2011-05-02 07:31 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 136176]

R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]

R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]

R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]

R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 07:23]

.

2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 07:23]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF19444.cfxxe" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11613288]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

- - - - ORPHANS VERWIJDERD - - - -

.

BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner64.dll

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

.

**************************************************************************

.

Voltooingstijd: 2011-05-02 15:31:05 - machine werd herstart

ComboFix-quarantined-files.txt 2011-05-02 13:31

ComboFix2.txt 2011-05-02 07:57

ComboFix3.txt 2011-04-26 19:41

.

Pre-Run: 1.921.622.937.600 bytes beschikbaar

Post-Run: 1.921.031.081.984 bytes beschikbaar

.

- - End Of File - - 6485162893465A2AF29FD36B3008B1E4

bedankt

2 mei 2011 aangepast door kape
dubbel log verwijderd

kape · 2 mei 2011

Dit ziet er prima uit. Nog merkbare problemen nu ?

cloclo · 2 mei 2011

hey kape,

voorlopig geen herstelproblemen meer, werkt ook stuk vlugger ... wat was er precies mis??Misschien zijn er dingen waar ik in de toekomst kan rekening mee houden?Hoe kom ik aan deze problemen?

Nog een paar kleine problemen denk ik :

- bij het afsluiten doet hij telkens vier updates en bij het opstarten heeft hij problemen bij configureren en verwijderd hij opnieuw de updates...

- telenet in voor het ontvangen van mails is ok maar problemen bij verzenden...

Die combo, hijack enzo mag dat op pc blijven staan??

Zijn er nog beveiligingen die kunt aanraden?

Super bedankt hoor.

groetjes.

kape · 2 mei 2011

Verwijder om te beginnen al Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Oorzaak is moeilijk te achterhalen, maar je hebt alvast zaken gedownload die niet echt koosjer waren. Of je dit bewust of onbewust gedaan hebt, blijft natuurlijk de vraag.

Voor je Telenet-mailprobleem moet je zeker de instellingen eens nakijken. Mogelijk zit daar de oorzaak van je verzendmoeilijkheden.

cloclo · 3 mei 2011

Hey kape,

ccleaner heb ik staan , maar blijkbaar gebruikte ik die nog niet zo uitgebreid zoals hier wordt beschreven..

Koosjer dingen bewust binnen halen? Super veel doen we eigenlijk niet met onze pc, edegasten zitten wel veel op allerhande spelletjes, ik speur graag tweedehandssites af en facebook en spellekes via facebook zijn ook wel populair...

Super bedankt voor je hulp !

clarkie · 12 mei 2011

Dag cloclo,

Als je probleem opgelost is, mag je op de knop opgelost klikken. ;-)

Asus · 13 mei 2011

bij het afsluiten doet hij telkens vier updates en bij het opstarten heeft hij problemen bij configureren en verwijderd hij opnieuw de updates

Het installeren van updates geeft wel meer problemen als je dit laat doen bij het afsluiten.

Wanneer je het 'update-symbooltje' op de afsluitknop ziet staan, sluit je best niet af maar dan doe je het volgende :

Klik op start (windowsknop) links onderaan en typ in het zoekvak Update.

Kies voor Windows Update.

Selecteer de updates die verschijnen en kies voor installeren.

Als je pc vraagt om opnieuw op te starten, voer dit dan ook uit.

cloclo · 13 mei 2011

Hey,

Superdruk gehad deze week, dus nog niet veel tijd voor mijn pc'ke gehad.

Ik moet zeggen, hij werkt wel weer supersnel en voorlopig geen 'nieuwe' problemen, de updates blijven voor problemen zorgen, heb al geprobeerd om ze handmatig te installeren maar bij het opstarten loopt het steeds weer fout...

KB2515325: Update voor Windows 7 voor x64-systemen