Kan geen herstelpunt meer maken

29 mei 2012

volledige reset gedaan zoals bovenstaande uitleg aangeeft.

controle dat nieuw bestand is aangemaakt = OK

Herstelpunt maken : gaat niet : fout zoals aangegeven bovenaan rapport #8

Begint bedenkelijk te worden ???? Wat nog verder te ondernemen ???

mvg, ivo

kape · 31 mei 2012

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

31 mei 2012

Ik heb Combo Fix laten werken zoals u hebt aangegeven.

Hierbij log file.

Heb even gekeken en gemerkt dat Windoxw firewall terug is ingesteld zonder errors....

na het heropstarten van windows krijg ik een bericht om "Smart File Advisor" te downloaden.

Moet dit ook nog gebeuren, of is alles nu opgelost en correct ingesteld ???

Mijn hoop op herstel is weer wat groter.

vreindelijke groeten, ivo

ComboFix 12-05-31.01 - Ivo 31/05/2012 12:28:52.1.4 - x64

Gestart vanuit: c:\users\Ivo\Downloads\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\FullRemove.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-31 ))))))))))))))))))))))))))))))

.

2012-05-31 10:40 . 2012-05-31 10:40 -------- d-----w- c:\users\Lieve\AppData\Local\temp

2012-05-31 10:15 . 2012-05-11 09:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-05-31 10:15 . 2012-05-31 10:41 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-05-31 10:14 . 2012-05-31 10:14 -------- d-----w- c:\programdata\PC Tools

2012-05-31 10:14 . 2012-05-31 10:14 -------- d-----w- c:\users\Ivo\AppData\Roaming\TestApp

2012-05-29 14:39 . 2012-05-31 10:41 -------- d-----w- c:\windows\system32\wbem\repository

2012-05-28 20:53 . 2012-05-28 20:53 -------- d-----w- c:\users\Ivo\AppData\Roaming\Malwarebytes

2012-05-28 20:53 . 2012-05-28 20:53 -------- d-----w- c:\programdata\Malwarebytes

2012-05-28 20:53 . 2012-05-28 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-28 20:53 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-28 08:54 . 2012-05-28 08:54 -------- d--h--w- c:\programdata\CanonIJEPPEX

2012-05-28 07:49 . 2012-05-28 07:49 388096 ----a-r- c:\users\Ivo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-28 07:49 . 2012-05-28 07:49 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-28 07:04 . 2012-05-28 07:04 -------- d-----w- c:\users\Ivo\AppData\Roaming\f-secure

2012-05-28 07:04 . 2012-05-28 07:04 -------- d-----w- c:\programdata\F-Secure

2012-05-28 06:37 . 2008-11-20 22:08 16896 ----a-w- c:\windows\system32\sasnative64.exe

2012-05-28 06:36 . 2012-05-28 06:52 -------- d-----w- c:\users\Ivo\AppData\Roaming\Systweak

2012-05-28 06:36 . 2012-03-30 10:14 18816 ----a-w- c:\windows\system32\roboot64.exe

2012-05-27 18:48 . 2012-05-27 18:48 -------- d-----w- c:\users\Ivo\AppData\Roaming\YourFileDownloader

2012-05-27 18:19 . 2012-05-27 19:29 -------- d-----w- c:\users\Ivo\AppData\Roaming\PCPro

2012-05-27 18:19 . 2012-05-27 18:19 -------- d-----w- c:\users\Ivo\AppData\Roaming\PC Cleaners

2012-05-27 18:19 . 2012-05-27 18:18 5276432 ----a-w- c:\windows\uninst.exe

2012-05-27 18:19 . 2012-05-27 18:19 -------- d-----w- c:\programdata\PC1Data

2012-05-27 00:35 . 2012-05-27 00:35 -------- d-----w- c:\programdata\IObit

2012-05-27 00:35 . 2012-05-27 00:35 -------- d-----w- c:\users\Ivo\AppData\Roaming\IObit

2012-05-27 00:35 . 2012-05-27 00:35 -------- d-----w- c:\program files (x86)\IObit

2012-05-24 13:41 . 2012-05-24 13:41 -------- d-----w- C:\TomTom

2012-05-23 00:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{548731E3-444C-4D5A-889C-F3DB48F86A71}\mpengine.dll

2012-05-15 19:16 . 2012-05-15 19:16 -------- d-----w- c:\program files (x86)\SDA

2012-05-11 11:05 . 2012-05-11 11:05 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-11 11:04 . 2012-05-11 11:05 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-06 22:08 . 2012-05-06 22:08 -------- d-----w- c:\programdata\TomTom

2012-05-06 22:00 . 2012-05-06 22:00 -------- d-----w- c:\program files (x86)\TomTom HOME 2

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-22 15:43 . 2012-02-05 21:28 16432 ----a-w- c:\windows\system32\lsdelete.exe

2012-05-05 19:29 . 2012-04-03 14:16 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 19:29 . 2011-08-26 07:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 19:29 . 2012-04-03 14:29 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-13 08:07 . 2011-12-07 15:03 34624 ----a-w- c:\windows\system32\TURegOpt.exe

2012-04-13 08:07 . 2011-12-07 15:04 35648 ----a-w- c:\windows\system32\uxtuneup.dll

2012-04-13 08:07 . 2011-12-07 15:04 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll

2012-04-13 08:07 . 2011-12-07 15:03 25920 ----a-w- c:\windows\system32\authuitu.dll

2012-04-13 08:07 . 2011-12-07 15:03 21312 ----a-w- c:\windows\SysWow64\authuitu.dll

2012-03-28 09:10 . 2012-03-28 09:10 113664 ----a-w- c:\windows\system32\beidpkcs11.dll

2012-03-28 09:10 . 2012-03-28 09:10 268288 ----a-w- c:\windows\system32\beid35cardlayer.dll

2012-03-28 09:10 . 2012-03-28 09:10 273408 ----a-w- c:\windows\system32\beid35DlgsWin32.dll

2012-03-28 09:09 . 2012-03-28 09:09 147456 ----a-w- c:\windows\system32\beid35common.dll

2012-03-28 09:05 . 2012-03-28 09:05 360448 ----a-w- c:\windows\SysWow64\beid35applayer.dll

2012-03-28 09:05 . 2012-03-28 09:05 98304 ----a-w- c:\windows\SysWow64\Belgium Identity Card PKCS11.dll

2012-03-28 09:05 . 2012-03-28 09:05 98304 ----a-w- c:\windows\SysWow64\beidpkcs11.dll

2012-03-28 09:05 . 2012-03-28 09:05 200704 ----a-w- c:\windows\SysWow64\beid35cardlayer.dll

2012-03-28 09:04 . 2012-03-28 09:04 266240 ----a-w- c:\windows\SysWow64\beid35DlgsWin32.dll

2012-03-28 09:04 . 2012-03-28 09:04 200704 ----a-w- c:\windows\SysWow64\eidlib.dll

2012-03-28 09:04 . 2012-03-28 09:04 200704 ----a-w- c:\windows\SysWow64\beidlib.dll

2012-03-28 09:04 . 2012-03-28 09:04 126976 ----a-w- c:\windows\SysWow64\beid35common.dll

2012-03-06 23:15 . 2011-08-10 15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2011-08-10 15:19 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-03-06 23:15 . 2011-08-10 15:20 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:04 . 2011-08-10 15:20 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:04 . 2011-08-10 15:20 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2012-02-25 08:39 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-03-06 23:01 . 2011-08-10 15:20 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2011-08-10 15:20 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-03-06 23:01 . 2011-08-10 15:20 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 910208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-04 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-04 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-22 2152720]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-03-09 257344]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-13 2143552]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-10 17152]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - IPNAT

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 15:43]

.

2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:29]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-04 15:31]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-04 15:31]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.131.131 195.130.130.3

FF - ProfilePath - c:\users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\qqnyd8ms.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)

ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)

ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Launch Manager\LMutilps32.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe

c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-05-31 12:48:34 - machine werd herstart

ComboFix-quarantined-files.txt 2012-05-31 10:48

.

Pre-Run: 396.103.077.888 bytes beschikbaar

Post-Run: 395.649.433.600 bytes beschikbaar

.

- - End Of File - - 27D296382FD477E3C34C3900E28EDDE7

31 mei 2012 aangepast door ixeniefo
fout

kape · 31 mei 2012

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox::

FF - ProfilePath - c:\users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\qqnyd8ms.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

31 mei 2012

hierbij logje na uitvoeren aanpassingen via combofix

ComboFix 12-05-31.01 - Ivo 31/05/2012 15:49:56.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3948.2116 [GMT 2:00]

Gestart vanuit: c:\users\Ivo\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Ivo\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-31 ))))))))))))))))))))))))))))))

.

2012-05-31 14:00 . 2012-05-31 14:00 -------- d-----w- c:\users\Lieve\AppData\Local\temp

2012-05-31 14:00 . 2012-05-31 14:00 -------- d-----w- c:\users\Lieve.Ivo-PC\AppData\Local\temp

2012-05-31 14:00 . 2012-05-31 14:00 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-05-31 14:00 . 2012-05-31 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-31 14:00 . 2012-05-31 14:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-05-31 13:34 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E709E55-56C9-4E74-A6A5-45C7CE78B06C}\mpengine.dll

2012-05-31 10:15 . 2012-05-11 09:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-05-31 10:15 . 2012-05-31 10:41 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-05-31 10:14 . 2012-05-31 10:14 -------- d-----w- c:\programdata\PC Tools

2012-05-31 10:14 . 2012-05-31 10:14 -------- d-----w- c:\users\Ivo\AppData\Roaming\TestApp

2012-05-29 14:39 . 2012-05-31 14:01 -------- d-----w- c:\windows\system32\wbem\repository