Ga naar inhoud

Direct afmelden na aanmelden op 2de account


Thuurke

Aanbevolen berichten

  • Reacties 24
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Geplaatste afbeeldingen

Dat begrijp ik, maar : er is geen recovery partitie meer aanwezig (enkel C en de klassieke 100MB "door systeem gereserveerd")... dus : vermoedelijk werd de volledige HDD geformatteerd en W7 opnieuw geïnstalleerd met een installatieschijf (installatiedatum 01/11/2010).

Link naar reactie
Delen op andere sites

Malware kan zich op vele manieren manifesteren en wij doen eerst een grondige opruiming om uit te sluiten dat het probleem van malware komt.

Als het probleem niet opgelost is met een malware opruiming, dan is de pc in elk geval vrij van malware en dat is toch ook positief.

Wij weten heus wel waarmee we bezig zijn en we zullen nooit iets aanraden of laten doen als we denken dat het je systeem kan schaden.

Het uitvoeren van combofix heeft geen nadelige invloed op je systeem. Je moet enkel de virusscanner uitschakelen voor je combofix opstart.

Je mag ook de netwerkverbinding verbreken als je je daarbij beter voelt terwijl de virusscanner uit staat.

Link naar reactie
Delen op andere sites

Ok, ik heb het uitgevoerd als administrator, na het proces is de pc automatisch afgesloten en opgestart en als ik dan iets wou open (bv google chrome) dan staat er iets van ongeldige registersleutel en kan ik dus niet openen.

Dus ik heb de pc afgemeldt en weer aangemeldt en het logje gezocht.

Het resultaat:

ComboFix 12-03-13.01 - HP 14/03/2012 12:18:58.9.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4063.2626 [GMT 1:00]

Gestart vanuit: c:\users\HP\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-14 to 2012-03-14 ))))))))))))))))))))))))))))))

.

.

2012-03-13 19:55 . 2012-03-13 19:56 -------- d-----w- c:\users\HP\AppData\Roaming\.minecraft

2012-03-13 16:50 . 2012-03-13 16:50 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{848807DD-64CE-4EAA-83F4-A95FE84F3609}\offreg.dll

2012-03-13 11:38 . 2012-03-13 11:38 -------- d-----w- c:\program files\iPod

2012-03-13 11:38 . 2012-03-13 11:39 -------- d-----w- c:\program files\iTunes

2012-03-13 11:38 . 2012-03-13 11:39 -------- d-----w- c:\program files (x86)\iTunes

2012-03-13 05:52 . 2012-03-01 12:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{848807DD-64CE-4EAA-83F4-A95FE84F3609}\mpengine.dll

2012-03-12 19:39 . 2012-03-14 11:29 78848 ----a-w- c:\windows\KMSEmulator.exe

2012-03-12 16:41 . 2012-03-12 16:41 388096 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-11 10:34 . 2012-03-13 17:16 -------- d-----w- c:\users\HP\AppData\Roaming\.spoutcraft

2012-03-11 09:58 . 2012-03-11 09:58 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-03-10 18:36 . 2012-03-10 18:36 -------- d-----w- c:\program files (x86)\Scratch

2012-03-10 18:30 . 2012-03-10 18:30 -------- d-----w- c:\programdata\MediaMonkey

2012-03-10 18:30 . 2012-03-10 18:31 -------- d-----w- c:\users\HP\AppData\Roaming\MediaMonkey

2012-03-09 21:30 . 2012-03-09 21:30 0 ----a-w- c:\windows\SysWow64\sho984B.tmp

2012-03-09 20:04 . 2012-03-09 20:04 -------- d-----w- c:\program files (x86)\Microsoft Works

2012-03-09 20:02 . 2012-03-09 20:02 -------- d-----w- c:\program files\CCleaner

2012-03-09 19:45 . 2012-03-09 20:00 -------- d-----w- C:\MATS

2012-03-09 19:22 . 2012-03-09 19:22 -------- d-----w- c:\windows\PCHEALTH

2012-03-09 17:57 . 2009-08-24 20:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe

2012-03-09 17:57 . 2012-03-09 17:57 -------- d-----w- c:\program files (x86)\Ashampoo

2012-03-09 15:42 . 2012-03-09 15:42 647168 ----a-w- c:\windows\AutoKMS.exe

2012-03-09 11:33 . 2012-03-09 11:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-09 11:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 08:18 . 2010-11-01 18:22 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-21 08:18 . 2011-12-21 08:18 66048 ----a-w- c:\windows\SysWow64\VCLSMP50.bpl

2011-12-21 08:18 . 2011-12-21 08:18 26624 ----a-w- c:\windows\SysWow64\ssmenu.dll

2011-12-21 08:18 . 2011-12-21 08:18 248832 ----a-w- c:\windows\SysWow64\VCLX50.bpl

2011-12-21 08:18 . 2011-12-21 08:18 2020864 ----a-w- c:\windows\SysWow64\VCL50.bpl

2011-12-21 07:40 . 2010-11-12 19:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-13_12.08.15 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-03-13 12:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-14 11:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-13 12:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-14 11:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-13 12:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-14 11:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-01 19:41 . 2012-03-14 11:02 67218 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-14 11:02 44782 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-01 19:09 . 2012-03-14 11:02 16646 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1561261077-3936807583-1715766741-1000_UserData.bin

- 2010-11-08 20:23 . 2012-03-11 20:53 3376 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2010-11-08 20:23 . 2012-03-13 13:28 3376 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-03-13 12:06 . 2012-03-13 12:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-14 11:28 . 2012-03-14 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-13 12:06 . 2012-03-13 12:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-14 11:28 . 2012-03-14 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-03-13 12:05 284972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-14 11:27 284972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-03 21:06 . 2012-03-14 11:27 5195632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1561261077-3936807583-1715766741-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"chromium"="c:\users\HP\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-10 1049072]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

.

c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Steam.lnk - c:\program files (x86)\Steam\Steam.exe [2011-3-16 1242448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]

R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]

R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-14 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS.exe [2012-03-09 15:42]

.

2012-03-14 c:\windows\Tasks\AutoKMSDaily.job

- c:\windows\AutoKMS.exe [2012-03-09 15:42]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 16:37]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 16:37]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561261077-3936807583-1715766741-1000Core.job

- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 16:29]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561261077-3936807583-1715766741-1000UA.job

- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 16:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\HP\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\HP\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\31z2ozdb.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 250

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.urlbar.hideGoButton - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

Toolbar-!{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

Toolbar-!{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Voltooingstijd: 2012-03-14 12:34:43 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-14 11:34

ComboFix2.txt 2012-03-13 12:24

ComboFix3.txt 2011-07-23 15:58

.

Pre-Run: 212.002.172.928 bytes beschikbaar

Post-Run: 211.933.614.080 bytes beschikbaar

.

- - End Of File - - 74916EA60F52C3A6ED90C16C7E1E09BA

aangepast door Thuurke
Link naar reactie
Delen op andere sites

Open een nieuw kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\SysWow64\sho984B.tmp

c:\windows\AutoKMS.exe

c:\windows\Tasks\AutoKMS.job

c:\windows\Tasks\AutoKMSDaily.job

Sla dit bestand op je bureaublad op als CFScript

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht

Link naar reactie
Delen op andere sites

Opnieuw een soort fout dat je geen programma's kon openen door iets van het register, maar is na afmelden gelukt.

Hier is het logje:

ComboFix 12-03-14.01 - HP 14/03/2012 20:32:53.10.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4063.2651 [GMT 1:00]

Gestart vanuit: c:\users\HP\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\HP\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\AutoKMS.exe"

"c:\windows\SysWow64\sho984B.tmp"

"c:\windows\Tasks\AutoKMS.job"

"c:\windows\Tasks\AutoKMSDaily.job"

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-14 to 2012-03-14 ))))))))))))))))))))))))))))))

.

.

2012-03-13 19:55 . 2012-03-13 19:56 -------- d-----w- c:\users\HP\AppData\Roaming\.minecraft

2012-03-13 16:50 . 2012-03-13 16:50 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{848807DD-64CE-4EAA-83F4-A95FE84F3609}\offreg.dll

2012-03-13 11:38 . 2012-03-13 11:38 -------- d-----w- c:\program files\iPod

2012-03-13 11:38 . 2012-03-13 11:39 -------- d-----w- c:\program files\iTunes

2012-03-13 11:38 . 2012-03-13 11:39 -------- d-----w- c:\program files (x86)\iTunes

2012-03-13 05:52 . 2012-03-01 12:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{848807DD-64CE-4EAA-83F4-A95FE84F3609}\mpengine.dll

2012-03-12 19:39 . 2012-03-14 19:45 78848 ----a-w- c:\windows\KMSEmulator.exe

2012-03-12 16:41 . 2012-03-12 16:41 388096 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-11 10:34 . 2012-03-14 17:53 -------- d-----w- c:\users\HP\AppData\Roaming\.spoutcraft

2012-03-11 09:58 . 2012-03-11 09:58 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-03-10 18:36 . 2012-03-10 18:36 -------- d-----w- c:\program files (x86)\Scratch

2012-03-10 18:30 . 2012-03-10 18:30 -------- d-----w- c:\programdata\MediaMonkey

2012-03-10 18:30 . 2012-03-10 18:31 -------- d-----w- c:\users\HP\AppData\Roaming\MediaMonkey

2012-03-09 21:30 . 2012-03-09 21:30 0 ----a-w- c:\windows\SysWow64\sho984B.tmp

2012-03-09 20:04 . 2012-03-09 20:04 -------- d-----w- c:\program files (x86)\Microsoft Works

2012-03-09 20:02 . 2012-03-09 20:02 -------- d-----w- c:\program files\CCleaner

2012-03-09 19:45 . 2012-03-09 20:00 -------- d-----w- C:\MATS

2012-03-09 19:22 . 2012-03-09 19:22 -------- d-----w- c:\windows\PCHEALTH

2012-03-09 17:57 . 2009-08-24 20:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe

2012-03-09 17:57 . 2012-03-09 17:57 -------- d-----w- c:\program files (x86)\Ashampoo

2012-03-09 15:42 . 2012-03-09 15:42 647168 ----a-w- c:\windows\AutoKMS.exe

2012-03-09 11:33 . 2012-03-09 11:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-09 11:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 08:18 . 2010-11-01 18:22 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-21 08:18 . 2011-12-21 08:18 66048 ----a-w- c:\windows\SysWow64\VCLSMP50.bpl

2011-12-21 08:18 . 2011-12-21 08:18 26624 ----a-w- c:\windows\SysWow64\ssmenu.dll

2011-12-21 08:18 . 2011-12-21 08:18 248832 ----a-w- c:\windows\SysWow64\VCLX50.bpl

2011-12-21 08:18 . 2011-12-21 08:18 2020864 ----a-w- c:\windows\SysWow64\VCL50.bpl

2011-12-21 07:40 . 2010-11-12 19:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-13_12.08.15 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-03-13 12:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-14 19:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-13 12:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-14 19:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-13 12:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-14 19:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-01 19:41 . 2012-03-14 16:07 67416 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-14 16:07 44900 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-01 19:09 . 2012-03-14 16:07 16670 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1561261077-3936807583-1715766741-1000_UserData.bin

+ 2010-11-08 20:23 . 2012-03-13 13:28 3376 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2010-11-08 20:23 . 2012-03-11 20:53 3376 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-03-13 12:06 . 2012-03-13 12:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-14 19:44 . 2012-03-14 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-14 19:44 . 2012-03-14 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-13 12:06 . 2012-03-13 12:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 09:16 . 2012-03-12 19:11 706350 c:\windows\system32\perfh013.dat

+ 2009-07-14 09:16 . 2012-03-14 16:11 706350 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-03-12 19:11 620384 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-14 16:11 620384 c:\windows\system32\perfh009.dat

- 2009-07-14 09:16 . 2012-03-12 19:11 136120 c:\windows\system32\perfc013.dat

+ 2009-07-14 09:16 . 2012-03-14 16:11 136120 c:\windows\system32\perfc013.dat

- 2009-07-14 02:36 . 2012-03-12 19:11 108566 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-03-14 16:11 108566 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-03-14 19:43 284972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-13 12:05 284972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-03 21:06 . 2012-03-14 19:43 5195632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1561261077-3936807583-1715766741-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"chromium"="c:\users\HP\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-10 1049072]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

.

c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Steam.lnk - c:\program files (x86)\Steam\Steam.exe [2011-3-16 1242448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]

R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]

R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-14 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS.exe [2012-03-09 15:42]

.

2012-03-14 c:\windows\Tasks\AutoKMSDaily.job

- c:\windows\AutoKMS.exe [2012-03-09 15:42]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 16:37]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 16:37]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561261077-3936807583-1715766741-1000Core.job

- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 16:29]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561261077-3936807583-1715766741-1000UA.job

- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 16:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\HP\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\HP\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\31z2ozdb.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 250

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.urlbar.hideGoButton - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

Toolbar-!{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

Toolbar-!{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Voltooingstijd: 2012-03-14 20:51:51 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-14 19:51

ComboFix2.txt 2012-03-14 11:34

ComboFix3.txt 2012-03-13 12:24

ComboFix4.txt 2011-07-23 15:58

.

Pre-Run: 209.175.625.728 bytes beschikbaar

Post-Run: 209.027.448.832 bytes beschikbaar

.

- - End Of File - - 035D2CBB0B8B1D1EC027CAA76F8F1507

Link naar reactie
Delen op andere sites

De fix is niet helemaal gelukt :sad

Open het bestand CFScript.txt

Vervang de tekst daarin door onderstaande vetgedrukte tekst.

File::

c:\windows\KMSEmulator.exe

c:\windows\SysWow64\sho984B.tmp

c:\windows\AutoKMS.exe

c:\windows\Tasks\AutoKMS.job

c:\windows\Tasks\AutoKMSDaily.job

Sla het bestand op en sluit het venster.

Herstart de pc in veilige modus.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Indien geen herstart gevraagd wordt, herstart dan zelf in normale modus.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.