
microsoft


jaap136


Yes, it is the real Microsoft NL, tel. 0205001500

Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400

www.malwarebytes.org

Databaseversie: v2012.07.11.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

JAAP :: JAAP-PC [administrator]

Realtime bescherming: Ingeschakeld

11-7-2012 11:48:04

mbam-log-2012-07-11 (11-48-04).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 235588

Verstreken tijd: 4 minuut/minuten, 8 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 1

C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 4

C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

NL tel. 0205001500
= indeed the Contact Center of Microsoft Netherlands

Well, I ran ComboFix, but now I keep getting a strange message: an illegal operation was attempted on a registry key that has been marked for deletion (I got that when I tried to open the log, and also with the internet, but I fixed that by opening it as administrator)


I managed to open the log:

ComboFix 12-07-11.03 - Diana 11-07-2012 19:31:07.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7159.4100 [GMT 2:00]

Gestart vanuit: c:\users\Diana\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1333461294.bdinstall.bin

c:\programdata\1333462120.bdinstall.bin

c:\programdata\AMMYY

c:\programdata\AMMYY\hr

c:\programdata\AMMYY\hr3

c:\programdata\AMMYY\settings3.bin

c:\programdata\FullRemove.exe

c:\users\Diana\AppData\Local\Temp\{EC51A8C7-BFA0-4894-B9A3-071E2B4EF204}\fpb.tmp

c:\users\Diana\AppData\Roaming\inst.exe

c:\users\Diana\AppData\Roaming\vso_ts_preview.xml

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-11 to 2012-07-11 ))))))))))))))))))))))))))))))

.

.

2012-07-11 16:39 . 2012-07-11 16:39 562032 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor13.dll

2012-07-11 09:47 . 2012-07-11 09:47 -------- d-----w- c:\users\Diana\AppData\Roaming\Malwarebytes

2012-07-11 09:47 . 2012-07-11 09:47 -------- d-----w- c:\programdata\Malwarebytes

2012-07-11 09:47 . 2012-07-11 09:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-11 09:47 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-11 09:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 08:59 . 2012-04-03 14:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5367DD61-4D48-4A48-A586-56EB3570C265}\gapaengine.dll

2012-07-11 08:58 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B22CEB0B-4C89-4253-984A-91357F2F2C3C}\mpengine.dll

2012-07-11 08:22 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-09 19:14 . 2012-07-09 19:14 -------- d-----w- c:\users\Diana\AppData\Roaming\Origin

2012-07-08 12:24 . 2012-07-11 18:14 -------- d-----w- c:\users\Diana\AppData\Roaming\.techniclauncher

2012-07-04 13:39 . 2012-07-04 17:41 -------- d-----w- c:\users\Diana\AppData\Roaming\.platinum

2012-07-01 16:11 . 2012-07-11 18:14 -------- d-----w- c:\program files (x86)\Smallvideosoft

2012-07-01 12:13 . 2012-07-11 08:49 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft

2012-07-01 12:13 . 2012-07-01 12:13 -------- d-----w- c:\program files (x86)\DVDVideoSoft

2012-06-30 20:53 . 2012-07-09 07:48 -------- dc----w- c:\users\Diana\AppData\Local\MigWiz

2012-06-30 20:49 . 2012-07-11 08:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-06-30 13:32 . 2012-06-30 13:32 -------- d-----w- c:\users\Diana\AppData\Local\LogMeIn

2012-06-30 13:32 . 2012-06-30 13:32 -------- d-----w- c:\programdata\LogMeIn

2012-06-30 13:29 . 2012-07-11 08:49 -------- d-----w- c:\program files (x86)\LogMeIn Ignition

2012-06-30 12:03 . 2012-06-30 12:03 -------- d-----w- c:\programdata\Canneverbe Limited

2012-06-30 12:03 . 2012-07-11 08:49 -------- d-----w- c:\program files (x86)\CDBurnerXP

2012-06-30 09:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-30 09:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-29 13:49 . 2012-06-29 13:49 -------- d-----w- c:\users\Diana\AppData\Local\Macromedia

2012-06-29 13:48 . 2012-06-14 22:19 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-06-29 13:47 . 2012-06-14 22:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-29 13:47 . 2012-06-14 22:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-29 13:09 . 2012-06-29 13:09 -------- d-----w- c:\users\Diana\AppData\Local\Chromium

2012-06-29 13:08 . 2012-07-11 08:47 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2012-06-29 13:04 . 2012-07-11 08:47 -------- d-----w- c:\programdata\Hi-Rez Studios

2012-06-29 13:04 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\Hi-Rez Studios

2012-06-29 12:24 . 2012-06-30 09:57 -------- d-----w- c:\users\Diana\AppData\Local\LogMeIn Hamachi

2012-06-29 10:31 . 2012-07-11 08:47 -------- d-----w- c:\programdata\MySQL

2012-06-29 07:32 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-28 10:55 . 2012-06-28 10:55 82816 ----a-w- c:\users\Diana\AppData\Roaming\pcouffin.sys

2012-06-27 20:10 . 2012-06-27 20:30 -------- d-----w- c:\users\Diana\AppData\Roaming\SQLyog

2012-06-27 20:10 . 2012-06-28 06:21 -------- d-----w- c:\program files (x86)\SQLyog Community

2012-06-25 17:38 . 2012-07-11 08:46 -------- d-----w- C:\Nexon

2012-06-25 12:38 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack

2012-06-25 12:30 . 2012-07-11 08:49 -------- d-----w- c:\users\Diana\AppData\Roaming\vlc

2012-06-22 18:29 . 2012-06-22 18:29 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-22 18:29 . 2012-07-11 08:47 -------- d-----w- c:\program files (x86)\Java

2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2012-06-19 14:55 . 2012-07-11 08:47 -------- d-----w- c:\program files\Common Files\Adobe

2012-06-17 15:20 . 2012-06-28 10:52 -------- d-----w- c:\users\Diana\AppData\Roaming\AVS4YOU

2012-06-17 15:19 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2012-06-17 15:19 . 2012-06-28 10:55 -------- d-----w- c:\program files (x86)\AVS4YOU

2012-06-17 15:19 . 2012-06-17 15:20 -------- d-----w- c:\programdata\AVS4YOU

2012-06-17 15:19 . 2012-03-23 17:59 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll

2012-06-17 15:19 . 2012-03-23 17:59 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-06-15 19:19 . 2012-06-15 19:19 -------- d-----w- c:\programdata\ATI

2012-06-15 16:59 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-06-15 16:58 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-06-14 17:44 . 2012-06-14 17:44 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-06-14 13:39 . 2012-06-30 10:24 -------- d-----w- c:\users\Diana\AppData\Roaming\Vso

2012-06-12 19:05 . 2012-07-11 08:47 -------- d-----w- c:\program files\Speccy

2012-06-12 18:37 . 2012-04-03 14:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-12 18:35 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-12 18:35 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-12 18:35 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-12 18:35 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-12 18:34 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-12 18:34 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-12 18:34 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-12 18:34 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-12 18:34 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-12 18:34 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-12 18:34 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 18:34 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 18:34 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-12 18:34 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 18:34 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-12 18:34 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-29 17:15 . 2011-11-21 20:03 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-29 17:15 . 2011-11-21 19:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-06-29 17:15 . 2011-11-21 19:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-06-25 17:38 . 2011-12-26 14:55 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat

2012-06-25 17:38 . 2011-12-26 14:55 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2012-06-23 20:02 . 2012-04-01 15:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 20:02 . 2011-11-20 20:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-22 18:29 . 2012-01-15 15:50 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-17 08:17 . 2011-11-21 19:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-06-02 22:19 . 2012-06-09 20:41 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-09 20:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-09 20:42 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-09 20:42 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-09 20:41 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-09 20:42 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-09 20:41 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-09 20:41 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-09 20:41 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-01 21:18 . 2012-06-01 21:18 41224 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-05-07 1073312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 ALSysIO;ALSysIO;c:\users\Diana\AppData\Local\Temp\ALSysIO64.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 getbus;getbus;c:\users\Diana\AppData\Local\Temp\getbus.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-20 1255736]

R4 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]

R4 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]

R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-06-01 41224]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-11-09 1677072]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-06-20 468848]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-06-20 384880]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-14 283200]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-01-04 413800]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:02]

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 20:10]

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 20:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2012-05-16 01:10 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.nederland.fm/

uLocal Page = c:\windows\SYSTEM32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.90.104.1

FF - ProfilePath - c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\sidzk657.default\

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3476176345-4275865163-1462088770-1001\Software\SecuROM\License information*]

"datasecu"=hex:b6,45,79,a8,1a,0e,6a,c6,23,d6,4c,35,26,95,68,3f,4c,59,eb,84,69,

58,a3,0e,91,d8,00,26,bd,43,4d,79,3b,00,39,d7,e8,1a,d7,eb,e0,ff,7d,50,6c,f9,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-11 19:39:02 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-11 17:39

.

Pre-Run: 296.707.506.176 bytes beschikbaar

Post-Run: 296.492.457.984 bytes beschikbaar

.

- - End Of File - - E71127D296E7CE943D320889E20BCE53


The problem of "an illegal operation was attempted on a registry key that has been marked for deletion" has been solved by CCleaner (it was a tip on another site from someone who also used ComboFix; he had the same problem).

But is my computer safe now, after HijackThis --> Malwarebytes --> combofix.exe?


Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\sidzk657.default\

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post.

Question: during the telephone contact, were you instructed to install TeamViewer? Or was it already on your PC before that?

Edited by kape

No, they don't work with TeamViewer; it is all done professionally. Your own screen goes black, with maybe a picture on it but nothing more; you are not allowed to see anything. I heard this from a friend's father. But here is the log:

(I didn't quite understand the cfscript.txt part, but I did it anyway; I think it had no effect on ComboFix, because it just went on scanning from stage 1 of 50)

ComboFix 12-07-11.03 - Diana 12-07-2012 10:00:44.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7159.5106 [GMT 2:00]

Gestart vanuit: c:\users\Diana\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Diana\AppData\Local\Temp\{D87B4862-5FD8-40A0-AB1C-5613D63F2C39}\fpb.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-12 to 2012-07-12 ))))))))))))))))))))))))))))))

.

.

2012-07-12 08:05 . 2012-07-12 08:05 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-07-12 08:05 . 2012-07-12 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-11 16:39 . 2012-07-11 16:39 562032 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor13.dll

2012-07-11 09:47 . 2012-07-11 09:47 -------- d-----w- c:\users\Diana\AppData\Roaming\Malwarebytes

2012-07-11 09:47 . 2012-07-11 09:47 -------- d-----w- c:\programdata\Malwarebytes

2012-07-11 09:47 . 2012-07-11 09:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-11 09:47 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-11 09:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 08:59 . 2012-04-03 14:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5367DD61-4D48-4A48-A586-56EB3570C265}\gapaengine.dll

2012-07-11 08:22 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-09 19:14 . 2012-07-09 19:14 -------- d-----w- c:\users\Diana\AppData\Roaming\Origin

2012-07-08 12:24 . 2012-07-11 18:14 -------- d-----w- c:\users\Diana\AppData\Roaming\.techniclauncher

2012-07-04 13:39 . 2012-07-04 17:41 -------- d-----w- c:\users\Diana\AppData\Roaming\.platinum

2012-07-01 16:11 . 2012-07-11 18:14 -------- d-----w- c:\program files (x86)\Smallvideosoft

2012-07-01 12:13 . 2012-07-11 08:49 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft

2012-07-01 12:13 . 2012-07-01 12:13 -------- d-----w- c:\program files (x86)\DVDVideoSoft

2012-06-30 20:53 . 2012-07-09 07:48 -------- dc----w- c:\users\Diana\AppData\Local\MigWiz

2012-06-30 20:49 . 2012-07-11 18:26 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-06-30 13:32 . 2012-06-30 13:32 -------- d-----w- c:\users\Diana\AppData\Local\LogMeIn

2012-06-30 13:32 . 2012-06-30 13:32 -------- d-----w- c:\programdata\LogMeIn

2012-06-30 13:29 . 2012-07-11 08:49 -------- d-----w- c:\program files (x86)\LogMeIn Ignition

2012-06-30 12:03 . 2012-06-30 12:03 -------- d-----w- c:\programdata\Canneverbe Limited

2012-06-30 12:03 . 2012-07-11 08:49 -------- d-----w- c:\program files (x86)\CDBurnerXP

2012-06-30 09:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-30 09:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-29 13:49 . 2012-06-29 13:49 -------- d-----w- c:\users\Diana\AppData\Local\Macromedia

2012-06-29 13:48 . 2012-06-14 22:19 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-06-29 13:47 . 2012-06-14 22:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-29 13:47 . 2012-06-14 22:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-29 13:09 . 2012-06-29 13:09 -------- d-----w- c:\users\Diana\AppData\Local\Chromium

2012-06-29 13:08 . 2012-07-11 08:47 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2012-06-29 13:04 . 2012-07-11 08:47 -------- d-----w- c:\programdata\Hi-Rez Studios

2012-06-29 13:04 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\Hi-Rez Studios

2012-06-29 12:24 . 2012-06-30 09:57 -------- d-----w- c:\users\Diana\AppData\Local\LogMeIn Hamachi

2012-06-29 10:31 . 2012-07-11 08:47 -------- d-----w- c:\programdata\MySQL

2012-06-29 07:32 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-28 10:55 . 2012-06-28 10:55 82816 ----a-w- c:\users\Diana\AppData\Roaming\pcouffin.sys

2012-06-27 20:10 . 2012-06-27 20:30 -------- d-----w- c:\users\Diana\AppData\Roaming\SQLyog

2012-06-27 20:10 . 2012-06-28 06:21 -------- d-----w- c:\program files (x86)\SQLyog Community

2012-06-25 17:38 . 2012-07-11 08:46 -------- d-----w- C:\Nexon

2012-06-25 12:38 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack

2012-06-25 12:30 . 2012-07-11 08:49 -------- d-----w- c:\users\Diana\AppData\Roaming\vlc

2012-06-22 18:29 . 2012-06-22 18:29 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-22 18:29 . 2012-07-11 08:47 -------- d-----w- c:\program files (x86)\Java

2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2012-06-19 14:55 . 2012-07-11 08:47 -------- d-----w- c:\program files\Common Files\Adobe

2012-06-17 15:20 . 2012-06-28 10:52 -------- d-----w- c:\users\Diana\AppData\Roaming\AVS4YOU

2012-06-17 15:19 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2012-06-17 15:19 . 2012-06-28 10:55 -------- d-----w- c:\program files (x86)\AVS4YOU

2012-06-17 15:19 . 2012-06-17 15:20 -------- d-----w- c:\programdata\AVS4YOU

2012-06-17 15:19 . 2012-03-23 17:59 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll

2012-06-17 15:19 . 2012-03-23 17:59 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-06-15 19:19 . 2012-06-15 19:19 -------- d-----w- c:\programdata\ATI

2012-06-15 16:59 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-06-15 16:58 . 2012-07-11 08:46 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-06-14 17:44 . 2012-06-14 17:44 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-06-14 13:39 . 2012-06-30 10:24 -------- d-----w- c:\users\Diana\AppData\Roaming\Vso

2012-06-12 19:05 . 2012-07-11 08:47 -------- d-----w- c:\program files\Speccy

2012-06-12 18:37 . 2012-04-03 14:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-12 18:35 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-12 18:35 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-12 18:35 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-12 18:35 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-12 18:34 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-12 18:34 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-12 18:34 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-12 18:34 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-12 18:34 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-12 18:34 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-12 18:34 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 18:34 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 18:34 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-12 18:34 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 18:34 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-12 18:34 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 20:23 . 2011-11-21 20:03 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-11 20:23 . 2011-11-21 19:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-11 20:23 . 2011-11-21 19:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-06-25 17:38 . 2011-12-26 14:55 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat

2012-06-25 17:38 . 2011-12-26 14:55 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2012-06-23 20:02 . 2012-04-01 15:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 20:02 . 2011-11-20 20:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-22 18:29 . 2012-01-15 15:50 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-17 08:17 . 2011-11-21 19:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-06-02 22:19 . 2012-06-09 20:41 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-09 20:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-09 20:42 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-09 20:42 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-09 20:41 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-09 20:42 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-09 20:41 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-09 20:41 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-09 20:41 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-01 21:18 . 2012-06-01 21:18 41224 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-11_17.35.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-30 05:38 . 2012-07-12 07:46 74802 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-12 07:46 40428 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-11-20 18:04 . 2012-07-12 07:46 17576 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3476176345-4275865163-1462088770-1001_UserData.bin

- 2009-07-14 05:30 . 2012-06-28 10:20 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-07-11 18:25 86016 c:\windows\system32\DriverStore\infpub.dat

- 2011-05-23 00:03 . 2011-05-23 00:03 48992 c:\windows\system32\DriverStore\FileRepository\avgfwfd6.inf_amd64_neutral_ae1e76d52507ef34\avgfwd6a.sys

+ 2011-05-22 23:03 . 2011-05-22 23:03 48992 c:\windows\system32\DriverStore\FileRepository\avgfwfd6.inf_amd64_neutral_ae1e76d52507ef34\avgfwd6a.sys

+ 2011-09-13 04:30 . 2011-09-13 04:30 37456 c:\windows\system32\drivers\avgrkx64.sys

+ 2011-08-08 04:08 . 2011-08-08 04:08 46672 c:\windows\system32\drivers\avgmfx64.sys

+ 2011-07-10 23:14 . 2011-07-10 23:14 29776 c:\windows\system32\drivers\AVGIDSFilter.sys

+ 2011-07-10 23:14 . 2011-07-10 23:14 26704 c:\windows\system32\drivers\AVGIDSEH.sys

+ 2011-05-22 23:03 . 2011-05-22 23:03 48992 c:\windows\system32\drivers\avgfwd6a.sys

+ 2009-07-14 04:46 . 2012-07-11 17:45 94528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-11-26 22:02 . 2012-07-11 18:06 6452 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-07-11 17:35 . 2012-07-11 17:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-12 08:06 . 2012-07-12 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-12 08:06 . 2012-07-12 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-11 17:35 . 2012-07-11 17:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-11-21 01:52 . 2012-07-12 07:47 748340 c:\windows\system32\perfh013.dat

- 2011-11-21 01:52 . 2012-07-11 14:42 748340 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-07-12 07:47 657134 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-11 14:42 657134 c:\windows\system32\perfh009.dat

- 2011-11-21 01:52 . 2012-07-11 14:42 154446 c:\windows\system32\perfc013.dat

+ 2011-11-21 01:52 . 2012-07-12 07:47 154446 c:\windows\system32\perfc013.dat

- 2009-07-14 02:36 . 2012-07-11 14:42 122906 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-07-12 07:47 122906 c:\windows\system32\perfc009.dat

- 2009-07-14 05:30 . 2012-06-28 10:20 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-07-11 18:25 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-07-11 18:25 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2012-06-28 10:19 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2011-07-10 23:14 . 2011-07-10 23:14 375376 c:\windows\system32\drivers\avgtdia.sys

+ 2011-10-07 04:23 . 2011-10-07 04:23 283728 c:\windows\system32\drivers\avgldx64.sys

+ 2011-07-10 23:14 . 2011-07-10 23:14 120400 c:\windows\system32\drivers\AVGIDSDriver.sys

+ 2009-07-14 05:01 . 2012-07-12 08:05 482316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-11 17:34 482316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-12-05 21:36 . 2012-07-12 08:05 1794312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-12-05 21:36 . 2012-07-11 17:34 1794312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-11-20 21:27 . 2012-07-11 20:37 4191694 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3476176345-4275865163-1462088770-1001-12288.dat

+ 2012-07-11 18:23 . 2012-07-11 18:23 7629312 c:\windows\Installer\10ea4d.msi

+ 2012-07-11 18:24 . 2012-07-11 18:24 2871808 c:\windows\Installer\10ea42.msi

+ 2011-11-20 21:27 . 2012-07-12 08:05 14293332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3476176345-4275865163-1462088770-1001-8192.dat

- 2011-11-20 21:27 . 2012-07-11 17:34 14293332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3476176345-4275865163-1462088770-1001-8192.dat

+ 2011-11-20 21:27 . 2012-07-12 08:05 42274184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3476176345-4275865163-1462088770-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-05-07 1073312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 ALSysIO;ALSysIO;c:\users\Diana\AppData\Local\Temp\ALSysIO64.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 getbus;getbus;c:\users\Diana\AppData\Local\Temp\getbus.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-20 1255736]

R4 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]

R4 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]

R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 26704]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-10 375376]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-06-01 41224]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-11-09 1677072]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-06-20 468848]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-06-20 384880]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 120400]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 29776]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-14 283200]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-01-04 413800]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:02]

.

2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 20:10]

.

2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 20:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.nederland.fm/

uLocal Page = c:\windows\SYSTEM32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\sidzk657.default\

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3476176345-4275865163-1462088770-1001\Software\SecuROM\License information*]

"datasecu"=hex:b6,45,79,a8,1a,0e,6a,c6,23,d6,4c,35,26,95,68,3f,4c,59,eb,84,69,

58,a3,0e,91,d8,00,26,bd,43,4d,79,3b,00,39,d7,e8,1a,d7,eb,e0,ff,7d,50,6c,f9,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-12 10:10:30 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-12 08:10

.

Pre-Run: 293.664.706.560 bytes beschikbaar

Post-Run: 293.597.556.736 bytes beschikbaar

.

- - End Of File - - 1F0DED43702E050A91124BBF6FA296E3

Edited by jaap136