Computer met opstartproblemen

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

c:\users\pereira\AppData\Local\Temp\0054884.tmp

Driver::

X6va005

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

[Jony77]

Het duurde even omdat ik de eerste 3x bij Combofix had dat m'n computer niet goed opstartte dus moest het nog een keer doen, maar heb hem nu wel.

Hier is het Combofix logje:

ComboFix 12-05-25.02 - pereira 25-05-2012 14:21:30.7.4 - x64 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3555 [GMT 2:00]

Running from: c:\users\pereira\Downloads\ComboFix.exe

Command switches used :: c:\users\pereira\Desktop\Computerforum\CFScript.txt

AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_X6VA005

-------\Service_X6va005

.

.

((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))

.

.

2012-05-25 12:28 . 2012-05-25 12:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-23 17:39 . 2012-05-23 17:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-22 15:32 . 2012-05-22 15:32 -------- d-----w- c:\users\pereira\AppData\Roaming\Uniblue

2012-05-22 15:32 . 2012-05-22 15:32 -------- d-----w- c:\program files (x86)\Uniblue

2012-05-22 12:46 . 2012-05-22 12:46 388096 ----a-r- c:\users\pereira\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-22 12:46 . 2012-05-22 12:46 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-21 10:00 . 2012-05-21 10:00 -------- d-----w- C:\Perfect World Entertainment

2012-05-21 09:59 . 2012-05-21 09:59 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-05-21 09:57 . 2012-05-22 14:20 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-05-15 10:41 . 2012-05-15 10:41 -------- d-----w- c:\users\pereira\AppData\Local\GamersFirst LIVE!

2012-05-15 10:41 . 2012-05-22 18:32 -------- d-----w- c:\users\pereira\AppData\Local\PMB Files

2012-05-15 10:41 . 2012-05-22 12:42 -------- d-----w- c:\programdata\PMB Files

2012-05-12 18:43 . 2012-05-12 18:43 -------- d-----w- c:\users\pereira\AppData\Roaming\OpenCandy

2012-05-12 17:09 . 2012-05-12 17:12 -------- d-----w- c:\users\pereira\AppData\Local\Roblox

2012-05-11 18:40 . 2012-05-11 18:40 -------- d-----w- c:\users\pereira\AppData\Local\Pando_Temp

2012-05-05 15:34 . 2012-05-05 15:34 -------- d-----w- c:\windows\nl

2012-05-05 15:32 . 2012-05-05 15:32 -------- d-----w- c:\windows\en

2012-05-05 15:29 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-05-05 15:27 . 2012-05-05 15:27 -------- d-----w- c:\program files (x86)\Microsoft

2012-05-05 15:26 . 2012-05-05 15:26 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a3b05141cd2ad304\bingbarsetup.exe

2012-05-05 15:26 . 2012-05-05 15:26 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\DSETUP.dll

2012-05-05 15:26 . 2012-05-05 15:26 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\DXSETUP.exe

2012-05-05 15:26 . 2012-05-05 15:26 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\dsetup32.dll

2012-05-05 15:26 . 2012-05-05 15:26 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\63655a941cd2ad303\MeshBetaRemover.exe

2012-05-01 17:09 . 2012-05-01 17:09 -------- d-----w- c:\users\pereira\AppData\Local\Overwolf

2012-04-27 14:48 . 2012-05-25 05:46 -------- d-----w- c:\users\pereira\AppData\Local\CrashDumps

2012-04-27 08:37 . 2012-05-24 08:54 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-04-26 18:53 . 2012-05-24 09:24 -------- d-----w- c:\programdata\Norton

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-23 08:52 . 2011-09-01 22:01 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-05-23 08:52 . 2011-09-01 21:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-05-22 15:26 . 2011-09-01 21:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-05-22 15:26 . 2011-09-01 21:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-04-05 09:54 . 2011-08-30 20:15 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat

2012-04-05 09:54 . 2011-08-30 20:15 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2012-04-04 13:56 . 2011-12-25 11:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 17:05 . 2011-10-15 09:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-17 14:25 . 2012-03-17 14:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-03-17 14:25 . 2012-03-17 14:25 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-03-17 14:25 . 2012-03-17 14:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-03-17 14:24 . 2012-03-17 14:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-14 17:52 . 2012-03-14 17:52 626688 ----a-w- c:\windows\SysWow64\msvcr80.dll

2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-01 06:46 . 2012-04-12 18:32 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 18:32 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 18:32 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 18:32 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 18:32 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 18:32 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 18:32 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-12 18:33 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 18:33 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 18:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 18:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 18:33 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 18:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 18:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 18:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-25_09.42.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-28 02:24 . 2012-05-25 12:32 32366 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-25 12:32 30710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-28 02:04 . 2012-05-25 12:32 19944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1315410273-961244801-112668203-1000_UserData.bin

- 2012-05-25 09:42 . 2012-05-25 09:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-25 12:29 . 2012-05-25 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-25 09:42 . 2012-05-25 09:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-25 12:29 . 2012-05-25 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-05-25 06:12 391180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-25 11:37 391180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\pereira\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]

"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2011-10-20 338296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]

GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-4-29 2647664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-25 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-05-22 12:43]

.

2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315410273-961244801-112668203-1000Core.job

- c:\users\pereira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 18:26]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315410273-961244801-112668203-1000UA.job

- c:\users\pereira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 18:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-28 10867816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

HKLM-Run-combofix - c:\combofix\CF12488.3XE

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

.

**************************************************************************

.

Completion time: 2012-05-25 14:35:20 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-25 12:35

ComboFix2.txt 2012-05-25 09:47

.

Pre-Run: 727.341.895.680 bytes free

Post-Run: 727.249.580.032 bytes free

.

- - End Of File - - 61EC1B577782B11869E78816FFCCBDE2

En hier is het nieuwe Hijackthis logje:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:41:45, on 25-5-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe

C:\Users\pereira\AppData\Local\Akamai\netsession_win.exe

C:\Users\pereira\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pereira\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000

O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe

O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10089 bytes

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

[Jony77]

Sorry voor de late reactie maar ik had een voetbaltoernooi heel de dag gisteren dus kon niet op de computer..

Hier is het logje:

ComboFix 12-05-25.02 - pereira 26-05-2012 13:27:44.11.4 - x64 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3428 [GMT 2:00]

Running from: c:\users\pereira\Downloads\ComboFix.exe

Command switches used :: c:\users\pereira\Desktop\Computerforum\CFScript.txt

AV: AVG Internet Security Business Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security Business Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP"

.

.

((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))

.

.

2012-05-26 11:33 . 2012-05-26 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-23 17:39 . 2012-05-23 17:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-22 15:32 . 2012-05-22 15:32 -------- d-----w- c:\users\pereira\AppData\Roaming\Uniblue

2012-05-22 15:32 . 2012-05-22 15:32 -------- d-----w- c:\program files (x86)\Uniblue

2012-05-22 12:46 . 2012-05-22 12:46 388096 ----a-r- c:\users\pereira\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-22 12:46 . 2012-05-22 12:46 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-21 10:00 . 2012-05-21 10:00 -------- d-----w- C:\Perfect World Entertainment

2012-05-21 09:59 . 2012-05-21 09:59 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-05-21 09:57 . 2012-05-22 14:20 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-05-15 10:41 . 2012-05-15 10:41 -------- d-----w- c:\users\pereira\AppData\Local\GamersFirst LIVE!

2012-05-15 10:41 . 2012-05-22 18:32 -------- d-----w- c:\users\pereira\AppData\Local\PMB Files

2012-05-15 10:41 . 2012-05-22 12:42 -------- d-----w- c:\programdata\PMB Files

2012-05-12 18:43 . 2012-05-12 18:43 -------- d-----w- c:\users\pereira\AppData\Roaming\OpenCandy

2012-05-12 17:09 . 2012-05-25 20:03 -------- d-----w- c:\users\pereira\AppData\Local\Roblox

2012-05-11 18:40 . 2012-05-11 18:40 -------- d-----w- c:\users\pereira\AppData\Local\Pando_Temp

2012-05-05 15:34 . 2012-05-05 15:34 -------- d-----w- c:\windows\nl

2012-05-05 15:32 . 2012-05-05 15:32 -------- d-----w- c:\windows\en

2012-05-05 15:29 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-05-05 15:27 . 2012-05-05 15:27 -------- d-----w- c:\program files (x86)\Microsoft

2012-05-05 15:26 . 2012-05-05 15:26 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a3b05141cd2ad304\bingbarsetup.exe

2012-05-05 15:26 . 2012-05-05 15:26 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\DSETUP.dll

2012-05-05 15:26 . 2012-05-05 15:26 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\DXSETUP.exe

2012-05-05 15:26 . 2012-05-05 15:26 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\dsetup32.dll

2012-05-05 15:26 . 2012-05-05 15:26 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\63655a941cd2ad303\MeshBetaRemover.exe

2012-05-01 17:09 . 2012-05-01 17:09 -------- d-----w- c:\users\pereira\AppData\Local\Overwolf

2012-04-27 14:48 . 2012-05-26 08:23 -------- d-----w- c:\users\pereira\AppData\Local\CrashDumps

2012-04-27 08:37 . 2012-05-24 08:54 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-04-26 18:53 . 2012-05-24 09:24 -------- d-----w- c:\programdata\Norton

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-23 08:52 . 2011-09-01 22:01 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-05-23 08:52 . 2011-09-01 21:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-05-22 15:26 . 2011-09-01 21:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-05-22 15:26 . 2011-09-01 21:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-04-05 09:54 . 2011-08-30 20:15 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat

2012-04-05 09:54 . 2011-08-30 20:15 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2012-04-04 13:56 . 2011-12-25 11:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 17:05 . 2011-10-15 09:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-17 14:25 . 2012-03-17 14:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-03-17 14:25 . 2012-03-17 14:25 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-03-17 14:25 . 2012-03-17 14:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-03-17 14:24 . 2012-03-17 14:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-14 17:52 . 2012-03-14 17:52 626688 ----a-w- c:\windows\SysWow64\msvcr80.dll

2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-01 06:46 . 2012-04-12 18:32 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 18:32 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 18:32 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 18:32 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 18:32 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 18:32 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 18:32 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-12 18:33 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 18:33 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 18:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 18:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 18:33 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 18:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 18:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 18:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-25_09.42.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-28 02:24 . 2012-05-26 11:37 32612 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-26 09:57 30710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-28 02:04 . 2012-05-26 09:57 20340 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1315410273-961244801-112668203-1000_UserData.bin

+ 2012-05-26 11:35 . 2012-05-26 11:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-25 09:42 . 2012-05-25 09:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-26 11:35 . 2012-05-26 11:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-25 09:42 . 2012-05-25 09:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-08 02:39 . 2012-05-25 06:12 229344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-09-08 02:39 . 2012-05-26 09:51 229344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-05-26 09:51 391180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-05-25 06:12 391180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-09-12 18:31 . 2012-05-25 20:09 2840376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1315410273-961244801-112668203-1000-8192.dat

- 2011-09-12 18:31 . 2012-05-24 09:06 2840376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1315410273-961244801-112668203-1000-8192.dat

+ 2011-08-28 21:22 . 2012-05-26 09:51 2969376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1315410273-961244801-112668203-1000-12288.dat

- 2011-08-28 21:22 . 2012-05-24 18:33 2969376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1315410273-961244801-112668203-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\pereira\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]

"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2011-10-20 338296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]

GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-4-29 2647664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-26 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-05-22 12:43]

.

2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315410273-961244801-112668203-1000Core.job

- c:\users\pereira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 18:26]

.

2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315410273-961244801-112668203-1000UA.job

- c:\users\pereira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 18:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-28 10867816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

.

**************************************************************************

.

Completion time: 2012-05-26 13:40:11 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-26 11:40

ComboFix2.txt 2012-05-25 12:35

ComboFix3.txt 2012-05-25 09:47

.

Pre-Run: 736.911.044.608 bytes free

Post-Run: 736.818.728.960 bytes free

.

- - End Of File - - 5D97F7EE2FCD9492A261AAEBF66D7B6C

[kape]

Dit is niet helemaal correct verlopen. Wil je dat nog eens herhalen, maar doe het nu in "veilige modus". Daarna graag een nieuw logje van Combofix.

[Jony77]

Ik hoop dat het nu wel is gelukt, moest het wel meerdere keren doen aangezien m'n pc weer niet goed opstartte..

hier is het logje:

ComboFix 12-05-25.02 - pereira 29-05-2012 11:51:30.14.4 - x64 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3432 [GMT 2:00]

Running from: c:\users\pereira\Downloads\ComboFix.exe

Command switches used :: c:\users\pereira\Desktop\Computerforum\CFScript.txt

AV: AVG Internet Security Business Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security Business Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP"

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))

.

.

2012-05-29 09:57 . 2012-05-29 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-23 17:39 . 2012-05-23 17:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-22 15:32 . 2012-05-22 15:32 -------- d-----w- c:\users\pereira\AppData\Roaming\Uniblue

2012-05-22 15:32 . 2012-05-22 15:32 -------- d-----w- c:\program files (x86)\Uniblue

2012-05-22 12:46 . 2012-05-22 12:46 388096 ----a-r- c:\users\pereira\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-22 12:46 . 2012-05-22 12:46 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-21 10:00 . 2012-05-21 10:00 -------- d-----w- C:\Perfect World Entertainment

2012-05-21 09:59 . 2012-05-21 09:59 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-05-21 09:57 . 2012-05-22 14:20 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-05-15 10:41 . 2012-05-15 10:41 -------- d-----w- c:\users\pereira\AppData\Local\GamersFirst LIVE!

2012-05-15 10:41 . 2012-05-22 18:32 -------- d-----w- c:\users\pereira\AppData\Local\PMB Files

2012-05-15 10:41 . 2012-05-22 12:42 -------- d-----w- c:\programdata\PMB Files

2012-05-12 18:43 . 2012-05-12 18:43 -------- d-----w- c:\users\pereira\AppData\Roaming\OpenCandy

2012-05-12 17:09 . 2012-05-25 20:03 -------- d-----w- c:\users\pereira\AppData\Local\Roblox

2012-05-11 18:40 . 2012-05-11 18:40 -------- d-----w- c:\users\pereira\AppData\Local\Pando_Temp

2012-05-05 15:34 . 2012-05-05 15:34 -------- d-----w- c:\windows\nl

2012-05-05 15:32 . 2012-05-05 15:32 -------- d-----w- c:\windows\en

2012-05-05 15:29 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-05-05 15:27 . 2012-05-05 15:27 -------- d-----w- c:\program files (x86)\Microsoft

2012-05-05 15:26 . 2012-05-05 15:26 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a3b05141cd2ad304\bingbarsetup.exe

2012-05-05 15:26 . 2012-05-05 15:26 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\DSETUP.dll

2012-05-05 15:26 . 2012-05-05 15:26 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\DXSETUP.exe

2012-05-05 15:26 . 2012-05-05 15:26 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\62d5748e1cd2ad302\dsetup32.dll

2012-05-05 15:26 . 2012-05-05 15:26 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\63655a941cd2ad303\MeshBetaRemover.exe

2012-05-01 17:09 . 2012-05-01 17:09 -------- d-----w- c:\users\pereira\AppData\Local\Overwolf

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-23 08:52 . 2011-09-01 22:01 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-05-23 08:52 . 2011-09-01 21:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-05-22 15:26 . 2011-09-01 21:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-05-22 15:26 . 2011-09-01 21:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-04-05 09:54 . 2011-08-30 20:15 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat

2012-04-05 09:54 . 2011-08-30 20:15 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2012-04-04 13:56 . 2011-12-25 11:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 17:05 . 2011-10-15 09:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-17 14:25 . 2012-03-17 14:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-03-17 14:25 . 2012-03-17 14:25 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-03-17 14:25 . 2012-03-17 14:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-03-17 14:24 . 2012-03-17 14:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-14 17:52 . 2012-03-14 17:52 626688 ----a-w- c:\windows\SysWow64\msvcr80.dll

2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-01 06:46 . 2012-04-12 18:32 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 18:32 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 18:32 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 18:32 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 18:32 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 18:32 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 18:32 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-25_09.42.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-28 02:24 . 2012-05-29 09:31 32840 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-29 09:31 30710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-28 02:04 . 2012-05-29 09:31 20444 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1315410273-961244801-112668203-1000_UserData.bin

+ 2012-05-29 09:58 . 2012-05-29 09:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-25 09:42 . 2012-05-25 09:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-29 09:58 . 2012-05-29 09:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-25 09:42 . 2012-05-25 09:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-08 02:39 . 2012-05-25 06:12 229344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-09-08 02:39 . 2012-05-28 17:51 229344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-05-28 17:51 391180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-05-25 06:12 391180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-09-12 18:31 . 2012-05-28 17:51 2840376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1315410273-961244801-112668203-1000-8192.dat

- 2011-09-12 18:31 . 2012-05-24 09:06 2840376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1315410273-961244801-112668203-1000-8192.dat

+ 2011-08-28 21:22 . 2012-05-28 17:51 2969376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1315410273-961244801-112668203-1000-12288.dat

- 2011-08-28 21:22 . 2012-05-24 18:33 2969376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1315410273-961244801-112668203-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\pereira\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]

"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2011-10-20 338296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]

GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-4-29 2647664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-29 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-05-22 12:43]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315410273-961244801-112668203-1000Core.job

- c:\users\pereira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 18:26]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315410273-961244801-112668203-1000UA.job

- c:\users\pereira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-28 18:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-28 10867816]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

.

**************************************************************************

.

Completion time: 2012-05-29 12:03:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-29 10:03

ComboFix2.txt 2012-05-29 09:33

ComboFix3.txt 2012-05-26 11:40

ComboFix4.txt 2012-05-25 12:35

ComboFix5.txt 2012-05-29 09:38

.

Pre-Run: 736.491.118.592 bytes free

Post-Run: 736.400.097.280 bytes free

.

- - End Of File - - 41655C113C8930322D5E05BF550772C4

[kape]

Dit bestand c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP mag je manueel verwijderen.

Dan Combofix opruimen via Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

[Jony77]

Heb gedaan wat je zei, dit heeft jammer genoeg niet het probleem opgelost..

Vanochtend startte m'n pc namelijk weer niet goed op, daarna weer wel

[kape]

Download en installeer Speccy.

Tijdens de installatie heb je nu de mogelijkheid om Nederlands als taal te selecteren.

Start nu het programma en er zal een overzicht gemaakt worden van je hardware.

Als dit gereed is selecteer je bovenaan " Bestand - Publiceer Snapshot " en vervolgens bevestig je die keuze met " Ja ".

In het venster dat nu opent krijg je een link te zien, kopieer nu die link en plak die in je volgende bericht.

Wil je in woord en beeld zien hoe je een logje van Speccy maakt en plaatst kun je dat Hier lezen.

Ook Dit (KLIK) filmpje laat zien hoe je een Speccy-logje kan plakken in je antwoord.

Na het plaatsen van je logje wordt dit door een expert nagekeken.

[Jony77]

Bedankt voor je reactie kape!

Hier in de link van Speccy