
ComboFix 12-03-17.01 - senne&cindy 18/03/2012 22:46:49.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4078.2393 [GMT 1:00]

Gestart vanuit: c:\users\senne&cindy\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-18 to 2012-03-18 ))))))))))))))))))))))))))))))

.

.

2012-03-18 21:51 . 2012-03-18 21:51 -------- d-----w- c:\users\judith\AppData\Local\temp

2012-03-18 21:51 . 2012-03-18 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-18 15:33 . 2012-03-18 15:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-18 15:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-18 15:13 . 2012-03-18 15:13 61440 ----a-w- c:\windows\SysWow64\drivers\eckiln.sys

2012-03-18 14:55 . 2012-03-18 14:55 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-03-18 14:14 . 2012-03-18 15:13 266 ----a-w- C:\avexport.bat

2012-03-18 14:14 . 2012-03-18 14:14 61440 ----a-w- c:\windows\SysWow64\drivers\fqmmcypo.sys

2012-03-18 14:11 . 2012-03-18 14:11 -------- d-----w- c:\program files (x86)\Phpnuke Downloader

2012-03-18 13:38 . 2012-03-18 14:19 -------- d-----w- c:\programdata\CPA_VA

2012-03-18 13:30 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-18 13:30 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-18 13:30 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-18 13:30 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-18 13:30 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-03-18 13:30 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-18 13:30 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-03-18 13:29 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr

2012-03-18 13:29 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-03-18 13:29 . 2012-03-18 13:29 -------- d-----w- c:\programdata\AVAST Software

2012-03-18 13:29 . 2012-03-18 13:29 -------- d-----w- c:\program files\AVAST Software

2012-03-18 13:22 . 2012-03-18 17:52 -------- d-----w- c:\programdata\Comodo

2012-03-18 13:22 . 2012-03-18 13:22 -------- d-----w- c:\program files\COMODO

2012-03-18 13:22 . 2012-03-18 13:22 -------- d-----w- c:\program files (x86)\Comodo

2012-03-18 13:22 . 2012-03-18 13:22 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-03-15 16:18 . 2012-03-15 16:18 -------- d-----w- c:\program files\Speccy

2012-03-13 21:36 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-13 21:36 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-13 21:36 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-13 20:38 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 20:38 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-13 20:38 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 17:40 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 17:40 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-13 17:40 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 17:40 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 17:40 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 17:40 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 17:40 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 06:54 . 2012-03-13 06:54 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft

2012-03-13 06:54 . 2012-03-13 06:54 -------- d-----w- c:\program files (x86)\DVDVideoSoft

2012-03-12 13:06 . 2012-03-12 13:06 -------- d-----w- c:\programdata\Malwarebytes

2012-03-11 20:53 . 2012-03-16 11:28 4076 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys

2012-03-11 20:53 . 2012-03-11 20:53 88 --sh--r- c:\windows\SysWow64\D8BBC2F9FB.sys

2012-03-11 20:51 . 2012-03-11 20:51 -------- d-----w- c:\windows\SysWow64\Spool

2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll

2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll

2012-03-11 19:22 . 2012-03-11 19:22 -------- d-----w- c:\program files (x86)\Trend Micro

2012-03-09 21:33 . 2010-08-26 08:32 98696 ----a-w- c:\windows\SysWow64\setupprwdrv03.exe

2012-03-09 21:33 . 2010-08-26 08:32 96648 ----a-w- c:\windows\system32\setupprwdrvx64.exe

2012-03-09 21:33 . 2010-08-25 18:39 16776 ----a-w- c:\windows\system32\prwntdrv.sys

2012-03-09 21:33 . 2010-08-25 18:39 13704 ----a-w- c:\windows\SysWow64\prwntdrv.sys

2012-03-08 09:25 . 2012-03-08 09:25 -------- d-----w- c:\windows\SysWow64\Wat

2012-03-08 09:25 . 2012-03-08 09:25 -------- d-----w- c:\windows\system32\Wat

2012-03-08 08:36 . 2012-03-13 19:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-08 08:36 . 2012-03-08 08:36 -------- d-----w- c:\windows\system32\Macromed

2012-03-08 08:18 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-03-07 20:49 . 2012-03-09 21:33 -------- d-----w- c:\program files (x86)\EASEUS

2012-03-07 07:07 . 2012-03-07 07:07 -------- d-----w- c:\program files (x86)\GetData

2012-03-07 06:55 . 2012-03-07 06:55 -------- d-----w- C:\recuva teruggehaalde bestanden

2012-03-07 06:49 . 2012-03-07 06:49 -------- d-----w- c:\program files\Recuva

2012-03-07 00:45 . 2012-03-07 00:45 -------- d-----w- c:\program files (x86)\uTorrent

2012-03-06 22:58 . 2012-03-06 22:58 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation

2012-03-06 22:20 . 2012-03-06 22:20 -------- d-----w- c:\programdata\Medion Reminder

2012-03-06 22:19 . 2012-03-06 22:19 -------- d-----w- c:\users\senne&cindy

2012-03-06 22:15 . 2012-03-06 22:15 -------- d-----w- c:\program files\PlayReady

2012-03-06 22:14 . 2012-03-11 20:52 -------- d-----w- c:\program files (x86)\Common Files\Corel

2012-03-06 22:14 . 2012-03-06 22:14 -------- d-----w- c:\program files (x86)\Common Files\Protexis

2012-03-06 22:14 . 2012-03-06 22:14 -------- d-----w- c:\programdata\Corel

2012-03-06 22:12 . 2012-03-11 20:51 -------- d-----w- c:\program files (x86)\Corel

2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\programdata\Partner

2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\program files\Google

2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\program files (x86)\Google

2012-03-06 22:09 . 2012-03-06 22:09 -------- d-sh--we C:\Documents and Settings

2012-03-06 22:09 . 2012-03-06 22:09 -------- d-----w- C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-06 23:01 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-03 18:27 . 2012-02-03 18:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]

"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]

"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 136176]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2012-03-06 332272]

R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 22:11]

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 22:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2012-03-06 22:11 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]

"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-03-12 443688]

"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-03-12 443688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_Dlls"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.zita.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube to MP3 Converter - c:\users\senne&cindy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.133 195.130.130.5

FF - ProfilePath - c:\users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\

FF - prefs.js: browser.startup.homepage - Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-03-18 22:53:00

ComboFix-quarantined-files.txt 2012-03-18 21:53

.

Pre-Run: 1.256.920.367.104 bytes beschikbaar

Post-Run: 1.256.630.054.912 bytes beschikbaar

.

- - End Of File - - 3E8F269A4EAACA8993C035510A3A6DEA


Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
  • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
  • When the update is finished and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".
  • Select the option "Diep" (Deep) if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take a considerable time, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
    Note:
    If you see this message:
    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK
    When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)" (submit as false alarm).
  • Make sure all found items are checked and then press the button "verwijder geselecteerde" (remove selected). You will now get the following message, but click "Ja" (Yes) here.
    When the removal is finished, click the "View report" button and select the text file for this scan, with a name like: a2scan_110730-111615.txt
  • Post the contents of this LOG file in your next message.
  • Now restart the computer.


Emsisoft Emergency Kit - Versie 1.0

Laatste Update: 3/19/2012 8:34:08 AM

Scaninstellingen:

Scantype: Diepe Scan

Objecten: Geheugen, Sporen, Cookies, C:\, D:\, I:\

Scan archieven: Aan

Heuristieken: Uit

ADS Scan: Aan

Scan gestart: 3/19/2012 8:36:41 AM

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:41 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:229 Ontdekt: Trace.TrackingCookie.statse.webtrendslive!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:3260 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:4736 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5014 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5017 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5062 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5695 Ontdekt: Trace.TrackingCookie.server.iad.livepers!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5878 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6196 Ontdekt: Trace.TrackingCookie.stat.onestat!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6197 Ontdekt: Trace.TrackingCookie.stat.onestat!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6832 Ontdekt: Trace.TrackingCookie.adbrite.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6977 Ontdekt: Trace.TrackingCookie.adbrite.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7049 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7050 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7051 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7647 Ontdekt: Trace.TrackingCookie.stat.onestat!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7827 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7828 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7829 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7830 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7831 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7875 Ontdekt: Trace.TrackingCookie.m.webtrends.com!A2

C:\Backup My Data\senne&cindy\AppData\Local\Temp\NwgJJtWO6kcPQW.exe.tmp Ontdekt: Trojan.Win32.FakeSysdef!IK

C:\Backup My Data\senne&cindy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60551be-4768063a/tttqcmffcjqsyb\ljmdclkbhcdgcf.class Ontdekt: JAVA.Agent!IK

C:\Backup My Data\senne&cindy\AppData\Roaming\uTorrent\PSP X2 Version 12.00\Keygen.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK

I:\System Volume Information\_restore{211E2C15-D10B-42EC-85F4-3BDB542B19C2}\RP203\A0074296.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK

I:\senne's map\Map allerlei\Unzipped\zwtcpspx\zwt.rar/Keygen.exe Ontdekt: Riskware.Keygen.Corel!IK

I:\senne's map\Map allerlei\Unzipped\zip\Keygen.exe Ontdekt: Riskware.Keygen.Corel!IK

I:\senne's map\Map allerlei\Unzipped\zip\zwtcpspx.zip/Keygen.exe Ontdekt: Riskware.Keygen.Corel!IK

I:\Program Files\Corel\corel + keygen\Keygen.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK

I:\Program Files\Corel\corel + keygen\Corel PaintShop Pro X2 V-12 FULLVERSION\Keygen.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK

I:\cindy's map\Psp corels voor lore\PSP X2 Version 12.00\Keygen.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK

Gescand

Bestanden: 1016570

Sporen: 405875

Cookies: 752

Processen: 53

Gevonden

Bestanden: 11

Sporen: 0

Cookies: 27

Processen: 0

Registersleutels: 0

Scan Geëindigd: 3/20/2012 9:17:21 AM

Scantijd: 0:40:40

I:\senne's map\Map allerlei\Unzipped\zwtcpspx\zwt.rar/Keygen.exe Verwijderd Riskware.Keygen.Corel!IK

I:\senne's map\Map allerlei\Unzipped\zip\Keygen.exe Verwijderd Riskware.Keygen.Corel!IK

I:\senne's map\Map allerlei\Unzipped\zip\zwtcpspx.zip/Keygen.exe Verwijderd Riskware.Keygen.Corel!IK

C:\Backup My Data\senne&cindy\AppData\Roaming\uTorrent\PSP X2 Version 12.00\Keygen.exe Verwijderd Riskware.Keygen.PaintShopPro!IK

I:\System Volume Information\_restore{211E2C15-D10B-42EC-85F4-3BDB542B19C2}\RP203\A0074296.exe Verwijderd Riskware.Keygen.PaintShopPro!IK

I:\Program Files\Corel\corel + keygen\Keygen.exe Verwijderd Riskware.Keygen.PaintShopPro!IK

I:\Program Files\Corel\corel + keygen\Corel PaintShop Pro X2 V-12 FULLVERSION\Keygen.exe Verwijderd Riskware.Keygen.PaintShopPro!IK

I:\cindy's map\Psp corels voor lore\PSP X2 Version 12.00\Keygen.exe Verwijderd Riskware.Keygen.PaintShopPro!IK

C:\Backup My Data\senne&cindy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60551be-4768063a/tttqcmffcjqsyb\ljmdclkbhcdgcf.class Verwijderd JAVA.Agent!IK

C:\Backup My Data\senne&cindy\AppData\Local\Temp\NwgJJtWO6kcPQW.exe.tmp Verwijderd Trojan.Win32.FakeSysdef!IK

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7875 Verwijderd Trace.TrackingCookie.m.webtrends.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7049 Verwijderd Trace.TrackingCookie.casalemedia.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7050 Verwijderd Trace.TrackingCookie.casalemedia.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7051 Verwijderd Trace.TrackingCookie.casalemedia.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6832 Verwijderd Trace.TrackingCookie.adbrite.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6977 Verwijderd Trace.TrackingCookie.adbrite.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6196 Verwijderd Trace.TrackingCookie.stat.onestat!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6197 Verwijderd Trace.TrackingCookie.stat.onestat!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7647 Verwijderd Trace.TrackingCookie.stat.onestat!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5878 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7828 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7831 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5695 Verwijderd Trace.TrackingCookie.server.iad.livepers!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:3260 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5014 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5017 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5062 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:229 Verwijderd Trace.TrackingCookie.statse.webtrendslive!A2

C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:41 Verwijderd Trace.TrackingCookie.doubleclick.net!A2

Verwijderd

Bestanden: 10

Sporen: 0

Cookies: 31

It says these cannot be removed, is this bad:

[ATTACH=CONFIG]17250[/ATTACH][ATTACH=CONFIG]17251[/ATTACH]
