Trojan op C:\windows\explorer.exe

[M-BASS]

Nee, alleen de tdsskiller en een text file van eula.

[kape]

Voer het dan nog eens identiek uit in "veilige modus".

[M-BASS]

Maakt geen verschil

[kape]

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[M-BASS]

Is het mogelijk dat er een bestand met de naam HIDEC niet gevonden wordt? Ik heb het eerst vanaf de desktop gestart, maar daar kwam niets uit. Nu ik het via C:\users\B & C\desktop start, geeft ie daar een foutmelding op, en gaat ie niet verder.

[kape]

Erg vreemd dat al die programma's blijkbaar problemen opleveren. Ook hier weer eerst eens proberen in "veilige modus" dan ?

[M-BASS]

Ik zie net een schermpje boven in mn C: staan, heeft dat met die combofix te maken?

[kape]

Dat heeft er inderdaad mee te maken en ook de map Qoobox (wat lager in de lijst) heeft met Combofix te maken. Zou betekenen dat de scan wel (al dan niet volledig) gebeurd is. Zit er ergens in je C-partitie geen bestandje met naam combofix.txt ?

[M-BASS]

ComboFix 12-04-16.01 - B & C 16-Apr-12 18:58:10.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2029 [GMT 2:00]

Running from: c:\users\B & C\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\Lm0JgzZ1IZ8jwb

c:\windows\IsUn0413.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))

.

.

2012-04-16 17:43 . 2012-04-16 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-16 11:51 . 2012-03-13 18:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CECEB98-C604-4064-A106-7E6D985FA8B7}\mpengine.dll

2012-04-16 09:48 . 2012-04-16 12:05 -------- d-----w- C:\tdsskiller

2012-04-16 07:21 . 2012-04-16 07:21 -------- d-----w- c:\users\B & C\AppData\Roaming\Malwarebytes

2012-04-16 07:21 . 2012-04-16 07:21 -------- d-----w- c:\programdata\Malwarebytes

2012-04-16 07:21 . 2012-04-16 07:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-15 19:58 . 2012-04-15 19:58 388096 ----a-r- c:\users\B & C\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-15 19:58 . 2012-04-15 19:58 -------- d-----w- c:\program files (x86)\Trend Micro

2012-04-15 05:43 . 2012-04-15 12:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-15 05:43 . 2012-04-15 05:43 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-14 18:06 . 2012-04-14 18:06 -------- d-----w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}

2012-04-14 18:06 . 2012-04-16 09:44 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer

2012-04-14 17:57 . 2012-04-14 17:57 -------- d-----w- c:\users\B & C\AppData\Local\PackageAware

2012-04-14 04:49 . 2012-04-14 04:49 -------- d-----w- c:\programdata\clp

2012-04-13 19:51 . 2012-04-13 19:58 1656 ----a-w- c:\windows\system32\ASOROSet.bin

2012-04-13 19:48 . 2012-04-16 07:18 -------- d-----w- c:\program files (x86)\WiseConvert_2.1

2012-04-13 19:18 . 2012-04-13 19:19 -------- d-----w- c:\users\B & C\AppData\Roaming\Advanced System Protector

2012-04-13 19:18 . 2012-04-13 19:52 -------- d-----w- c:\users\B & C\AppData\Roaming\Systweak

2012-04-13 19:18 . 2012-03-30 10:14 18816 ----a-w- c:\windows\system32\roboot64.exe

2012-04-13 16:03 . 2012-04-13 16:03 -------- d-----w- c:\users\B & C\AppData\Roaming\AVG2012

2012-04-13 16:02 . 2012-04-13 16:02 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-04-13 15:59 . 2012-04-13 15:59 -------- d-----w- C:\$AVG

2012-04-13 15:59 . 2012-04-16 09:46 -------- d-----w- c:\windows\system32\drivers\AVG

2012-04-13 15:59 . 2012-04-13 16:19 -------- d-----w- c:\programdata\AVG2012

2012-04-13 14:50 . 2012-04-13 14:50 -------- d-----w- c:\windows\en

2012-04-13 14:46 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-04-13 14:43 . 2012-04-13 14:43 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dc593b501cd198301\DSETUP.dll

2012-04-13 14:43 . 2012-04-13 14:43 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dc593b501cd198301\DXSETUP.exe

2012-04-13 14:43 . 2012-04-13 14:43 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dc593b501cd198301\dsetup32.dll

2012-04-13 14:43 . 2012-04-13 14:43 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dcaeecd01cd198302\MeshBetaRemover.exe

2012-04-12 10:18 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 10:18 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 10:18 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 10:15 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 10:15 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 10:15 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 10:15 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 10:15 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 10:15 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 10:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-11 12:41 . 2012-04-11 12:41 -------- d-----w- c:\users\B & C\AppData\Roaming\InstallShield

2012-04-11 10:59 . 2012-04-11 10:59 -------- d-----w- c:\users\B & C\AppData\Local\Sony

2012-03-23 08:38 . 2012-03-23 08:39 -------- d-----w- c:\programdata\GameTap Web Player

2012-03-23 08:38 . 2012-03-23 08:39 -------- d-----w- c:\program files (x86)\GameTap Web Player

2012-03-23 08:38 . 2010-10-11 18:08 819200 ----a-w- c:\windows\SysWow64\GameTapWebPlayer_4_4_0_7.ocx

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-17 06:10 . 2011-12-08 19:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-13 18:27 . 2010-01-30 07:25 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-02-22 03:25 . 2012-02-22 03:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-02-22 03:25 . 2012-02-22 03:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-02-17 06:38 . 2012-03-14 05:19 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 05:19 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 05:19 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 05:19 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 11:05 . 2012-02-10 11:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2B22E86-FF58-4E12-B174-08B786A9AFF9}\gapaengine.dll

2012-02-10 06:36 . 2012-03-14 05:20 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 05:20 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 13:58 . 2012-02-03 13:58 36960560 ----a-w- C:\IE9-Windows7-x64-nld.exe

2012-02-03 04:34 . 2012-03-14 05:20 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44 . 2010-01-22 14:41 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-31 02:46 . 2012-01-31 02:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-01-25 06:38 . 2012-03-14 05:19 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 05:19 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 05:19 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-01-18 10:04 . 2012-01-18 10:04 28820 ----a-w- c:\windows\SysWow64\sintfnt.dll

2012-01-18 10:04 . 2012-01-18 10:04 17836 ----a-w- c:\windows\SysWow64\sintf32.dll

2012-01-18 10:04 . 2012-01-18 10:04 12066 ----a-w- c:\windows\SysWow64\sintf16.dll

2009-08-24 08:18 . 2009-11-17 10:51 16024576 ----a-w- c:\program files\MonPro_Setup.msi

2009-08-24 08:02 . 2009-11-17 10:51 2959376 ----a-w- c:\program files\dotnetfx35setup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\christ~1\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-03-14 446136]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="t:\downloads\MpcStar\Codecs\QuickTime\QTTask.exe" [2011-07-05 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]

.

c:\users\B & C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Check for TWS Updates.lnk - s:\program files\lynx\WiseUpdt.exe [2012-2-13 194775]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

Microsoft Office.lnk - s:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 136176]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]

R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]

R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]

R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]

R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]

R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]

R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 11:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 08:59]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 08:59]

.

2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_NL&c=94&bd=Presario&pf=cndt

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - s:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

Wow6432Node-HKLM-Run-UpdatePRCShortCut - c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - (no file)

WebBrowser-{ECCE0073-A837-45A2-95B9-600420505F7E} - (no file)

AddRemove-Catan - c:\windows\IsUn0413.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3782904340-332925399-3525645889-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%d*S%]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3782904340-332925399-3525645889-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%d*S%\OpenWithList]

@Class="Shell"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

c:\christy (work)\Messenger\ymsgr_tray.exe

c:\program files (x86)\AVG\AVG2012\avgcfgex.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

.

**************************************************************************

.

Completion time: 2012-04-16 20:14:08 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-16 18:13

.

Pre-Run: 447,526,649,856 bytes free

Post-Run: 447,197,073,408 bytes free

.

- - End Of File - - 94962584A174277C97E81F648447B6B3

Het werkte eindelijk

[M-BASS]

Dat heeft er inderdaad mee te maken en ook de map Qoobox (wat lager in de lijst) heeft met Combofix te maken. Zou betekenen dat de scan wel (al dan niet volledig) gebeurd is. Zit er ergens in je C-partitie geen bestandje met naam combofix.txt ?

Ja, het pc schermpje is nu weg, en de logfile staat nu wel op C:

Had alleen niet verwacht dat het 50 stages zou zijn.... Stond zo mooi bij dat het doorgaans in 10 minuten klaar zou zijn met scannen, behalve als je pc geinfecteerd is. Duurde dus aanzienlijk langer dan 10 minuten, meer ruim een uur.