
Virus?



ComboFix 11-12-17.05 - Packard bell 18/12/2011 19:05:45.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3764.1870 [GMT 1:00]

Gestart vanuit: d:\users\Packard bell\Downloads\ComboFix.exe

AV: Scarlet Secure PC 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Scarlet Secure PC 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Scarlet Secure PC 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\PACKAR~1\AppData\Local\Temp\ppcrlui_3736_2

c:\users\Packard bell\AppData\Local\Temp\ppcrlui_3736_2

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-18 to 2011-12-18 ))))))))))))))))))))))))))))))

.

.

2011-12-18 18:20 . 2011-12-18 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-18 17:53 . 2011-12-18 17:53 -------- d-----w- c:\users\Packard bell\AppData\Roaming\F-Secure

2011-12-18 17:36 . 2011-12-18 17:36 -------- d-----w- c:\users\Packard bell\AppData\Roaming\Systweak

2011-12-18 17:36 . 2011-11-19 10:52 18816 ----a-w- c:\windows\system32\roboot64.exe

2011-12-18 17:36 . 2011-12-18 17:36 -------- d-----w- c:\program files (x86)\RegClean Pro

2011-12-18 17:33 . 2011-12-18 17:33 -------- d-----w- c:\program files (x86)\DealPly

2011-12-18 17:33 . 2011-12-18 17:33 -------- d-----w- c:\program files (x86)\BabylonToolbar

2011-12-18 17:33 . 2011-12-18 17:42 4473 ----a-w- C:\user.js

2011-12-18 17:33 . 2011-12-18 17:33 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter

2011-12-18 17:21 . 2011-12-18 17:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD5A13DF-0860-4230-A05C-E1F1E1B2AE6E}\offreg.dll

2011-12-17 17:54 . 2011-12-17 17:54 78376 ----a-w- c:\windows\system32\drivers\CDAVFS.sys

2011-12-17 17:54 . 2011-12-17 17:54 -------- d-----w- c:\program files (x86)\Conduit

2011-12-17 17:06 . 2011-12-17 17:06 388096 ----a-r- c:\users\Packard bell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-17 17:06 . 2011-12-17 17:06 -------- d-----w- c:\program files (x86)\Trend Micro

2011-12-16 21:31 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-12-16 19:17 . 2011-12-16 19:17 -------- d-----w- c:\users\Packard bell\AppData\Local\Apple

2011-12-16 19:12 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD5A13DF-0860-4230-A05C-E1F1E1B2AE6E}\mpengine.dll

2011-12-16 08:52 . 2011-12-16 08:52 -------- d-----w- c:\users\Packard bell\AppData\Roaming\Malwarebytes

2011-12-16 08:52 . 2011-12-16 08:52 -------- d-----w- c:\programdata\Malwarebytes

2011-12-16 08:52 . 2011-12-16 08:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-16 08:52 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-15 21:40 . 2011-12-15 21:40 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2011-12-15 21:28 . 2005-08-25 17:19 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX

2011-12-15 21:28 . 2005-08-25 17:18 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2011-12-15 20:54 . 2011-12-17 09:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-12-15 20:54 . 2011-12-16 22:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-12-15 20:49 . 2011-12-15 20:49 -------- d-----w- c:\users\Packard bell\AppData\Local\PackageAware

2011-12-15 20:11 . 2011-12-15 20:11 -------- d-----w- c:\program files\iPod

2011-12-15 20:11 . 2011-12-15 20:12 -------- d-----w- c:\program files\iTunes

2011-12-15 20:11 . 2011-12-15 20:12 -------- d-----w- c:\program files (x86)\iTunes

2011-12-15 20:00 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 19:58 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-15 19:58 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 19:07 . 2011-12-15 19:07 -------- d-----w- c:\users\Packard bell\AppData\Roaming\CheckPoint

2011-12-15 19:07 . 2011-12-17 21:59 -------- d-----w- c:\users\Packard bell\AppData\Local\Conduit

2011-12-15 19:06 . 2011-12-15 19:32 -------- d-----w- c:\program files\CheckPoint

2011-12-15 19:06 . 2011-12-15 19:06 -------- d-----w- c:\programdata\CheckPoint

2011-12-15 19:03 . 2011-12-15 19:32 -------- d-----w- c:\program files (x86)\CheckPoint

2011-12-15 18:25 . 2011-12-15 18:25 -------- d-----w- c:\users\Packard bell\AppData\Local\Babylon

2011-12-15 18:25 . 2011-12-15 18:25 -------- d-----w- c:\programdata\Babylon

2011-12-15 18:25 . 2011-12-15 18:25 -------- d-----w- c:\users\Packard bell\AppData\Roaming\Babylon

2011-12-15 18:25 . 2011-12-15 18:43 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer

2011-12-14 08:27 . 2011-12-18 17:19 -------- d-----w- c:\users\Packard bell\Tracing

2011-12-06 10:27 . 2011-12-06 10:27 45056 ----a-r- c:\users\Packard bell\AppData\Roaming\Microsoft\Installer\{1A9AD722-DF6D-412F-89ED-1E6CDCB3895C}\NewShortcut11_5C7047142D534423AFA08D9EBAB2A995_1.exe

2011-12-06 10:27 . 2011-12-06 10:27 45056 ----a-r- c:\users\Packard bell\AppData\Roaming\Microsoft\Installer\{1A9AD722-DF6D-412F-89ED-1E6CDCB3895C}\NewShortcut1_5C7047142D534423AFA08D9EBAB2A995_1.exe

2011-12-06 10:27 . 2011-12-06 10:27 -------- d-----w- c:\program files (x86)\Prisma

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-18 18:19 . 2011-10-07 19:13 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat

2011-11-15 08:36 . 2011-09-17 16:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-10-21 18:02 . 2011-10-21 18:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-09-29 16:24 . 2011-11-09 18:03 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="d:\users\Packard bell\Desktop\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-06 98304]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688]

"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-09 30192]

"F-Secure Manager"="c:\program files (x86)\Scarlet\Common\FSM32.EXE" [2009-11-18 201128]

"F-Secure TNB"="c:\program files (x86)\Scarlet\FSGUI\TNBUtil.exe" [2011-09-09 1655464]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-09 30192]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Scarlet\HIPS\drivers\fshs.sys [2009-11-18 59784]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Scarlet\Anti-Virus\minifilter\fsvista.sys [2009-11-18 16768]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [2010-06-15 822304]

S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Scarlet\Anti-Virus\minifilter\fsgk.sys [2011-09-09 198808]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Scarlet\ORSP Client\fsorsp.exe [2011-09-09 61088]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896257186-2368645436-2140591263-1000Core.job

- c:\users\Packard bell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 14:04]

.

2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896257186-2368645436-2140591263-1000UA.job

- c:\users\Packard bell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 14:04]

.

2011-12-18 c:\windows\Tasks\RegClean Pro_DEFAULT.job

- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2011-12-18 10:52]

.

2011-12-18 c:\windows\Tasks\RegClean Pro_UPDATES.job

- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2011-12-18 10:52]

.

2011-12-18 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~2\Scarlet\ANTI-V~1\fsav.exe [2011-09-09 16:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-25 10816544]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-25 2090528]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-05 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-05 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-05 413208]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2010-06-15 496160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://search.babylon.com/?AF=100480&babsrc=HP_ss&mntrId=20e40ffb0000000000004c0f6e753bd6

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

LSP: c:\program files (x86)\Scarlet\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{ffb11c0c-da90-4969-a995-8dca2e0fc10a} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{FFB11C0C-DA90-4969-A995-8DCA2E0FC10A} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-12-18 19:44:06

ComboFix-quarantined-files.txt 2011-12-18 18:43

.

Pre-Run: 263.802.396.672 bytes beschikbaar

Post-Run: 263.488.069.632 bytes beschikbaar

.

- - End Of File - - 390BBD94A3E176A06B78777F915D9B9D

Edited by kape: duplicate log removed

Manually delete the following folders shown in bold:

c:\program files (x86)\BabylonToolbar

c:\program files (x86)\Conduit

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

c:\users\Packard bell\AppData\Local\Conduit

c:\users\Packard bell\AppData\Local\Babylon

c:\programdata\Babylon

c:\users\Packard bell\AppData\Roaming\Babylon
