dos\Alureon.A

kweezie wabbit · 11 september 2011

Download ComboFix van één van deze locaties:

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
Klik hier
Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.
Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.
ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.
**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.
Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

Klik op Ja om verder te gaan met het scannen naar malware.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Indien je problemen hebt bij het uitvoeren van ComboFix, gelieve dit te melden.

maartenv · 11 september 2011

ik heb combofix geinstaleerd op bureaublad en dan geopend je krijgt dan een venster dat hij aant scannen is en opeens een blauw scherm met engelse tekst :een probleem is gedetecdeert en windows is afgesloten om schade te beperken op je pc

tech. info stop 0x0000007E (0xc0000005, 0x86c90500, 0x8b958bb8, 0x8b9588b4 )

kweezie wabbit · 11 september 2011

Als de pc reeds herstart is na het blauwe scherm, maj je combofix opnieuw uitvoeren.

Als je weer een blauw scherm krijgt, laat het dan zeker weten en geef dezelfde informatie als in je vorig bericht.

maartenv · 11 september 2011

terug het blauwe scherm deze keer een iet andere tech info stop 0x0000008e (0xc0000005, 0x82a54dd1, 0x8b96391c, 0x00000000)

kweezie wabbit · 12 september 2011

Verwijder Combofix: Start -> Uitvoeren en typ: ComboFix /Uninstall (met spatie voor de /)

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download combofix opnieuw maar gebruik dimaal de andere link.

Probeer dan nogmaals on combofix uit te voeren.

maartenv · 12 september 2011

hier is het log bestandje van combofix

ComboFix 11-09-12.02 - Gebruiker 12/09/2011 19:14:23.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1388 [GMT 2:00]

Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe

AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\JMHL Loader

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JMHL Loader

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JMHL Loader\JMHL Loader.lnk

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JMHL Loader\Uninstall.lnk

c:\windows\unin0413.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-12 to 2011-09-12 ))))))))))))))))))))))))))))))

.

2011-09-12 17:24 . 2011-09-12 17:24 -------- d-----w- c:\users\Gast\AppData\Local\temp

2011-09-12 17:24 . 2011-09-12 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-12 05:47 . 2011-09-12 05:47 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E5055DC-ECE5-4BBD-85D6-D948F3C03616}\MpKsl6fbebf1d.sys

2011-09-12 05:47 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E5055DC-ECE5-4BBD-85D6-D948F3C03616}\mpengine.dll

2011-09-11 19:32 . 2011-09-11 19:32 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Corel

2011-09-11 11:02 . 2011-09-11 11:04 -------- d-----w- c:\users\TEMP.MAARTEN.011

2011-09-10 20:22 . 2011-09-10 20:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C54BD271-24F3-4A7A-B2C3-5DEAD55485E3}\gapaengine.dll

2011-09-10 19:53 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9A13BD8-3CB7-4BDB-8F47-415B777CF1B4}\mpengine.dll

2011-09-10 05:55 . 2011-09-10 05:55 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-09-10 05:55 . 2011-09-10 05:55 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-09-09 22:00 . 2011-09-09 22:00 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-09 22:00 . 2011-09-09 22:00 -------- d-----w- C:\Program Files(x98)

2011-09-09 21:38 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-09 21:38 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-09 20:46 . 2011-09-09 20:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes

2011-09-09 20:45 . 2011-09-09 20:45 -------- d-----w- c:\programdata\Malwarebytes

2011-09-09 20:45 . 2011-09-09 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-24 04:29 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 02:44 . 2011-04-01 03:08 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-23 11:04 . 2011-08-09 20:52 916480 ----a-w- c:\windows\system32\wininet.dll

2011-07-23 11:00 . 2011-08-09 20:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-23 10:59 . 2011-08-09 20:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-23 10:59 . 2011-08-09 20:52 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-07-23 10:59 . 2011-08-09 20:52 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-23 10:03 . 2011-08-09 20:52 385024 ----a-w- c:\windows\system32\html.iec

2011-07-23 09:27 . 2011-08-09 20:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-07-23 09:25 . 2011-08-09 20:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-13 03:39 . 2011-08-03 01:00 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-06 15:31 . 2011-08-09 20:52 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-20 08:54 . 2011-08-09 20:52 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-20 08:54 . 2011-08-09 20:52 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-17 20:13 . 2011-08-09 20:50 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-17 16:03 . 2011-08-09 20:52 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-06-17 13:31 . 2011-08-09 20:50 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-06-17 01:08 . 2010-06-09 19:40 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-02 13597216]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-02 92704]

"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]

"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1348904]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-03-12 3054136]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-2-4 495432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]

2009-04-07 14:34 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

2007-12-14 09:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

2008-03-20 18:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-11-25 12:41 6691360 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2008-11-25 12:42 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe

.

R1 MpKsl5b58cc11;MpKsl5b58cc11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B97156D7-95FD-48D2-803B-5F073D167A4C}\MpKsl5b58cc11.sys [x]

R1 MpKsl83fc6c16;MpKsl83fc6c16;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57A2FCAE-981B-499A-9327-6B4BCD223028}\MpKsl83fc6c16.sys [x]

R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1ca21c98e05671e;Google Updateservice (gupdate1ca21c98e05671e);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 133104]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]

R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\GEBRUI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 133104]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]

S1 MpKsl0602f99e;MpKsl0602f99e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0976903D-5BF2-49AD-A421-D09A181B67A9}\MpKsl0602f99e.sys [x]

S1 MpKsl42f7a365;MpKsl42f7a365;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0976903D-5BF2-49AD-A421-D09A181B67A9}\MpKsl42f7a365.sys [x]

S1 MpKsl6fbebf1d;MpKsl6fbebf1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E5055DC-ECE5-4BBD-85D6-D948F3C03616}\MpKsl6fbebf1d.sys [2011-09-12 28752]

S1 MpKsl9fb75858;MpKsl9fb75858;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0976903D-5BF2-49AD-A421-D09A181B67A9}\MpKsl9fb75858.sys [x]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]

S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-16 3668480]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSL26B31027

*NewlyCreated* - MPKSL6FBEBF1D

*Deregistered* - MpKsl26b31027

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-12 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 19:07]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 19:07]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 19:07]

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 195.130.131.131 195.130.130.3

FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\5gd1td97.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKfox000&ptb=6OtORSlGzG.193ahtQfbmg&ind=2010072617&ptnrS=ZKfox000&si=&n=77cf4629&psa=&st=kwd&searchfor=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG9\Firefox

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Emicsoft FLV Converter_is1 - d:\stefanie\Converter flv to avi\Emicsoft FLV Converter\unins000.exe

AddRemove-Free FLV to AVI Video Converter_is1 - d:\stefanie\Converter flv to avi\Free FLV to AVI Video Converter\unins000.exe

AddRemove-ImTOO FLV Converter - d:\stefanie\Converter flv to avi\FLV Converter\Uninstall.exe

AddRemove-JMHL Loader - c:\program files\JMHL Loader\JMHL Loader.exe

AddRemove-LucasArts' The Phantom Menace - c:\program files\LucasArts\The Phantom Menace\DeIsL1.isu

AddRemove-YouTube FLV to AVI easy converter_is1 - d:\stefanie\Converter flv to avi\YouTube FLV to AVI easy converter\unins000.exe

AddRemove-YouTubeGet_is1 - d:\stefanie\Converter flv to avi\YouTubeGet\unins000.exe

AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\YouTube Downloader\uninstall.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-12 19:26

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

c:\users\GEBRUI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

Scan succesvol afgerond

verborgen bestanden: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.032"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.amr"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ani"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.arw"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.asf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.bay"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.bmp"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.bw"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.bwf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.cel"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.cr2"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.crw"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.cs1"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.cur"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.dcr"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.dcx"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.dib"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.djv"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.djvu"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.dng"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.emf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.eps"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.erf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.fff"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.flc"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.fli"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.fpx"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.gif"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.hdr"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.icl"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.icn"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ico"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.iff"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ilbm"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.int"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.inta"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.iw4"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.j2c"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.j2k"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jfif"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jif"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jp2"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpc"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpe"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpeg"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpg"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpk"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.jpx"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.kar"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.lbm"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.m15"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.m1a"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.m2a"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.m75"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.mef"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.mos"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.mpv"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.mrw"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.nef"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.orf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pbm"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pcd"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pct"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pcx"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pef"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pgm"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pic"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pics"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pict"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pix"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.png"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ppm"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.psd"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.psp"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.pspimage"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.qcp"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.qtpf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.raf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ras"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.raw"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.rgb"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.rgba"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.rle"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.rsb"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.sfil"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.sgi"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.smi"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.smil"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.sml"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.sr2"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.srf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.swa"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.tga"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.thm"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.tif"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.tiff"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ttc"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ttf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.ulw"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.v20po"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.v20pp"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.v20ppf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.vfw"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.wbm"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.wbmp"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.wmf"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.wmv"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.xbm"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.xif"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.xmp"

.

[HKEY_USERS\S-1-5-21-3507422318-1005345246-1866908082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 2.0.xpm"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-09-12 19:29:21

ComboFix-quarantined-files.txt 2011-09-12 17:29

.

Pre-Run: 82.090.258.432 bytes beschikbaar

Post-Run: 93.801.545.728 bytes beschikbaar

.

- - End Of File - - CBC7888050F98CD9ED058BFC9483C740

kape · 13 september 2011

Combofix heeft zijn werk gedaan. Wat wel opvalt in je logjes is dat er nog sporen van 3 antivirusscanners aanwezig zijn : AVG, Norton/Symantec en F-Secure. Neem aan dat AVG je actieve scanner is, maar dan is het best dat we de rest wél verwijderen. Laat maar weten welke je wil behouden ?

En kan je ons eens laten weten wat er exact in deze map zit : C:\Program Files(x98)

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

C:\users\TEMP.MAARTEN.011

Firefox::

FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\5gd1td97.default\

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

13 september 2011 aangepast door kape

maartenv · 13 september 2011

c:\program files (x98) hier staat trend micro wist dat het in een file met naam program files moest staan

mer het nrke was ik vergeten

avg virusscanner is diegene die er opstond om zijn werk te doen mer die is verlopen:(

ik gebruik opt moment microsoft security ess.

kape · 13 september 2011

OK, dan mag je beginnen met al die antivirusprogramma's te verwijderen met hun Removal Tool : AVG, Norton en F-Secure.

Voer dan ook de opdracht met Combofix uit en hang een nieuw logje ervan, samen met een nieuw log van HijackThis in je volgende bericht.

maartenv · 13 september 2011

ik heb dat txt tje in combofix gezet en hier is het rezultaat

kga mij dan eens bezig houden om al de scanners eens te verwijderen zal je laten weten alst klaar is

alvast merci voor je hulp

ComboFix 11-09-12.02 - Gebruiker 13/09/2011 22:02:19.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1631 [GMT 2:00]

Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFscript.txt

AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-13 to 2011-09-13 ))))))))))))))))))))))))))))))

.

2011-09-13 20:11 . 2011-09-13 20:12 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp

2011-09-13 20:11 . 2011-09-13 20:11 -------- d-----w- c:\users\TEMP.MAARTEN\AppData\Local\temp

2011-09-13 20:11 . 2011-09-13 20:11 -------- d-----w- c:\users\TEMP.MAARTEN.008\AppData\Local\temp

2011-09-13 20:11 . 2011-09-13 20:11 -------- d-----w- c:\users\TEMP.MAARTEN.004\AppData\Local\temp

2011-09-13 20:11 . 2011-09-13 20:11 -------- d-----w- c:\users\TEMP.MAARTEN.003\AppData\Local\temp

2011-09-13 20:11 . 2011-09-13 20:11 -------- d-----w- c:\users\TEMP.MAARTEN.002\AppData\Local\temp

2011-09-13 20:11 . 2011-09-13 20:11 -------- d-----w- c:\users\TEMP.MAARTEN.001\AppData\Local\temp

2011-09-13 20:11 . 2011-09-13 20:11 -------- d-----w- c:\users\Gast\AppData\Local\temp

2011-09-13 20:11 . 2011-09-13 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-13 19:53 . 2011-09-13 19:53 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{664806AA-185E-4290-B57E-1810CC50178D}\MpKsl64e912db.sys

2011-09-13 19:53 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{664806AA-185E-4290-B57E-1810CC50178D}\mpengine.dll