Posted:

This did not go entirely right. The small text file you created, c:\users\UGent\Desktop\CFScript, is missing the .txt extension ... and then this procedure does not work. The idea is that you save it as CFScript.txt and then drag it ONTO the red ComboFix shortcut. Please repeat it this way once more.

Posted:

ComboFix 12-10-31.03 - UGent 01/11/2012 12:05:45.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3895.2507 [GMT 1:00]

Gestart vanuit: c:\users\UGent\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\UGent\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-01 to 2012-11-01 ))))))))))))))))))))))))))))))

.

.

2012-11-01 11:15 . 2012-11-01 11:15 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-11-01 11:15 . 2012-11-01 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-01 11:15 . 2012-11-01 11:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-10-31 21:36 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D636F5B2-E28D-47E9-80F5-9756BAE93228}\mpengine.dll

2012-10-30 20:12 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-30 19:05 . 2012-10-31 19:20 -------- d-----w- c:\users\UGent\AppData\Roaming\dvdcss

2012-10-29 16:16 . 2012-10-29 16:16 -------- d-----w- c:\users\UGent\AppData\Roaming\Malwarebytes

2012-10-29 16:15 . 2012-10-29 16:15 -------- d-----w- c:\programdata\Malwarebytes

2012-10-29 16:15 . 2012-10-29 16:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-29 16:15 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-27 22:17 . 2012-10-27 22:17 388096 ----a-r- c:\users\UGent\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-27 22:17 . 2012-10-27 22:17 -------- d-----w- c:\program files (x86)\Trend Micro

2012-10-25 18:14 . 2012-10-25 18:15 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-10-24 15:41 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-10-24 15:40 . 2012-10-24 15:40 -------- d-----w- c:\program files\iPod

2012-10-24 15:40 . 2012-10-24 15:41 -------- d-----w- c:\program files\iTunes

2012-10-24 15:40 . 2012-10-24 15:41 -------- d-----w- c:\program files (x86)\iTunes

2012-10-24 15:37 . 2012-10-24 15:37 -------- d-----w- c:\program files\Bonjour

2012-10-24 15:37 . 2012-10-24 15:37 -------- d-----w- c:\program files (x86)\Bonjour

2012-10-21 21:16 . 2012-10-21 21:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-10-21 21:16 . 2012-10-21 21:16 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-10-19 21:02 . 2012-09-28 17:19 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40ADF4E5-3652-48FE-AF75-D050AE2F6695}\gapaengine.dll

2012-10-10 17:23 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-28 17:19 . 2012-06-13 19:21 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-30 20:03 . 2010-10-24 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-24 18:05 . 2012-09-22 14:37 1197568 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-09-22 14:37 1501696 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-09-22 14:37 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-09-22 14:37 1026560 ----a-w- c:\windows\system32\mstime.dll

2012-08-24 18:02 . 2012-09-22 14:37 9375744 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:02 . 2012-09-22 14:37 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:02 . 2012-09-22 14:37 736256 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:02 . 2012-09-22 14:37 82944 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-24 18:02 . 2012-09-22 14:37 57856 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-24 18:02 . 2012-09-22 14:37 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:01 . 2012-09-22 14:37 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:01 . 2012-09-22 14:37 2458624 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 18:01 . 2012-09-22 14:37 12404736 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:01 . 2012-09-22 14:37 256000 ----a-w- c:\windows\system32\iepeers.dll

2012-08-24 18:01 . 2012-09-22 14:37 445952 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-24 17:59 . 2012-09-22 14:37 12288 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-24 17:10 . 2012-09-22 14:37 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 17:08 . 2012-09-22 14:37 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-24 16:45 . 2012-09-22 14:37 482816 ----a-w- c:\windows\system32\html.iec

2012-08-24 16:02 . 2012-09-22 14:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 16:01 . 2012-09-22 14:37 386048 ----a-w- c:\windows\SysWow64\html.iec

2012-08-24 15:27 . 2012-09-22 14:37 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-21 11:01 . 2010-10-11 14:28 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 11:01 . 2010-10-11 14:28 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-19 20:52 . 2012-08-19 20:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-08-19 20:52 . 2012-08-19 20:52 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-08-10 17:54 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-04 740216]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]

"Spotify"="c:\users\UGent\AppData\Roaming\Spotify\Spotify.exe" [2012-10-31 7880664]

"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-11-07 67456]

"Spotify Web Helper"="c:\users\UGent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-31 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-21 296056]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

.

c:\users\UGent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"AlwaysShowClassicMenu"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R3 a320raid;a320raid;c:\windows\system32\DRIVERS\a320raid.sys [2005-03-25 376320]

R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\DRIVERS\bxdiaga.sys [2009-12-17 89128]

R3 d554bus;Dell Wireless 5540 HSPA Mini-Card Device driver (WDM);c:\windows\system32\DRIVERS\d554bus.sys [2009-11-16 118272]

R3 d554gps;Dell Wireless 5540 HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys [2009-11-16 96296]

R3 d554mgmt;DellWireless5540 HSPA Mini-Card Device Management Drivers (WDM);c:\windows\system32\DRIVERS\d554mgmt.sys [2009-11-16 141312]

R3 d554unic;Dell Wireless 5540 HSPA Mini-Card Network Adapter (WDM);c:\windows\system32\DRIVERS\d554unic.sys [2009-11-16 153600]

R3 d557bus;Dell Wireless 5540 HSPA Mini-Card Device (Win7);c:\windows\system32\DRIVERS\d557bus.sys [2009-11-16 328704]

R3 d557mgmt;Dell Wireless 5540 HSPA Mini-Card Device Management (Win7);c:\windows\system32\DRIVERS\d557mgmt.sys [2009-11-16 376320]

R3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\System32\Drivers\wwuss64.sys [2009-11-16 12800]

R3 ecnssndisfltr;SSNDIS filter service;c:\windows\System32\Drivers\wwussf64.sys [2009-11-16 17408]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-05 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 21616]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [2009-03-03 89600]

S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-06 191896]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 27760]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-01 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-02-21 08:26]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-09 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-09 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-09 414744]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 432368]

"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 261872]

"DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2009-07-08 981232]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

Trusted Zone: ugent.be\athena

Trusted Zone: ugent.be\athenax

Trusted Zone: ugent.be\bthena

Trusted Zone: ugent.be\bthenax

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\UGent\AppData\Roaming\Mozilla\Firefox\Profiles\dnwrv5pw.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - facebook.com|google.com|minerva.ugent.be

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-08 23:29; {ABDE892B-13A8-4d1b-88E6-365A6E755758}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - ExtSQL: 2012-09-25 21:56; {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}; c:\users\UGent\AppData\Roaming\Mozilla\Firefox\Profiles\dnwrv5pw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AD7DA6D0-C8A5-2AB7-AFAFBAF6CCA2EFA4}\{BFF22B84-84BD-C376-CF902D4CFF2D2B8A}\{C30500AE-8022-F8A1-791309212C4775E7}*]

"J6LUTEVR24DWS6LBRK5JBJYX6E1"=hex:01,00,01,00,00,00,00,00,64,ee,da,6f,cf,9a,c5,

9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-11-01 12:33:37

ComboFix-quarantined-files.txt 2012-11-01 11:33

ComboFix2.txt 2012-10-31 19:28

ComboFix3.txt 2012-10-30 17:36

.

Pre-Run: 137.179.713.536 bytes beschikbaar

Post-Run: 137.122.930.688 bytes beschikbaar

.

- - End Of File - - A16624A741E396255851C4C669F08966

Posted:

In Firefox, go to the search box at the top right. Click the small arrow to show all search engines. Is MyStart/Incredibar among them? If so, go via "Manage search engines" to the overview and remove the culprit there.

Posted:

It was indeed in there; I removed it and restarted Firefox once more. Now it no longer appears among the search engines, but it still opens as a tab.

Posted:

That's already something; now try the next step. In the Firefox URL bar, type the command about:config. Then search the list for browser.newtab.url. If MyStart/Incredibar is present there, you may replace it with another search engine of your choice (e.g. www. google. be or any other).

Posted:

Problems out of the way, so it is time for the "big cleanup": removing the tools that were used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall (with a space before the /).

This will remove ComboFix plus related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner starts automatically and free of charge.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis reports no more errors. Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "YES". Then choose "Fix All Selected Issues". Then close CCleaner.

If you want to see this in detail, click here for the manual.

It is advisable to delete the existing restore points (there are infected restore points among them that you could accidentally restore). In Windows 7:

  • via Start -> Control Panel -> System & Security -> System -> System Protection -> now switch off System Restore by selecting the desired drive and clicking "Configure".
  • Now click "Delete" to delete all restore points.
  • Click "Apply" and "OK".
  • Now go back to "System Protection" and create a new restore point right away, so you do not have to wait for an automatic restore point from the system.
  • Choose "Create". Give the restore point a name of your own and click "Create".
  • Now restart the PC.

If all of this went without problems, you may tap "mark as solved" below!
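Editor's added example, not part of this thread and not the helper's own instructions: the cleanup steps in the post above done non-interactively from an elevated PowerShell prompt on Windows 7, followed by a defender's check of the autostart locations that the ComboFix log listed (HKCU/HKLM Run keys, the Wow6432Node Run key, both Startup folders) and of the Firefox prefs the thread fixed by hand. ComboFix.exe on the Desktop and C:\Qoobox come from the thread; the `vssadmin` call as the command-line equivalent of the "Configure -> Delete" dialog, the `Get-TargetPath` / `New-AutostartEntry` helpers and the "runs from a user profile" heuristic are this example's own assumptions.

```powershell
# Added example (not from the forum thread). Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'

# --- 1. ComboFix /Uninstall: the same command the post gives for the Run box ---
$comboFix = Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe'
if (Test-Path $comboFix) {
    Start-Process -FilePath $comboFix -ArgumentList '/Uninstall' -Wait
}
# Quarantine folder the post says to delete by hand if it is still there.
if (Test-Path 'C:\Qoobox') {
    Remove-Item 'C:\Qoobox' -Recurse -Force
}

# --- 2. Discard the old (possibly infected) restore points, then create a clean one ---
# Restore points are VSS shadow copies; deleting them all is the command-line
# equivalent (assumption) of the "Configure -> Delete" path in System Protection.
& vssadmin.exe delete shadows /for=C: /all /quiet
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType MODIFY_SETTINGS

# --- 3. Verify that nothing unexpected still autostarts ---
function Get-TargetPath([string]$CommandLine) {
    # Hypothetical helper: reduce a Run-key command line to its executable path.
    # A quoted path is taken as-is; otherwise everything before the first " /" or
    # " -" argument is treated as the path (a triage heuristic, not a full parser).
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+(?=[/-])')[0].Trim()
}

function New-AutostartEntry([string]$Location, [string]$Name, [string]$Target) {
    # Hypothetical helper: one row per autostart, with the two triage flags.
    # Exists=False matches the "(no file)" orphans ComboFix reports; InProfile marks
    # binaries under C:\Users, where malware usually lands and vendors rarely install.
    New-Object PSObject -Property @{
        Location  = $Location
        Name      = $Name
        Target    = $Target
        Exists    = ($Target -ne '' -and (Test-Path -LiteralPath $Target))
        InProfile = ($Target -like 'C:\Users\*')
    }
}

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }    # PSPath etc. are provider metadata
        $entries += New-AutostartEntry $key $prop.Name (Get-TargetPath $prop.Value)
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        $entries += New-AutostartEntry $dir $lnk.Name $target
    }
}
# Orphans and profile-resident binaries sort to the top for review.
$entries | Sort-Object Exists, @{Expression = 'InProfile'; Descending = $true} |
    Format-Table Location, Name, Target, Exists, InProfile -AutoSize

# Firefox: the thread fixed the new-tab page by hand in about:config; confirm in
# prefs.js that no MyStart/Incredibar URL is left in the new-tab, homepage or
# selected-search-engine prefs (the same three prefs the ComboFix log printed).
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    Get-ChildItem -Path $profiles -Recurse -Filter prefs.js |
        Select-String -Pattern 'browser\.(newtab\.url|startup\.homepage|search\.selectedEngine)'
}
```

The verification half is the part worth keeping after the thread is closed: a Run-key entry whose target no longer exists, or one that executes from under C:\Users, deserves a second look before "mark as solved", and the prefs.js grep shows in one line whether the browser hijack has really been removed rather than just hidden from the search-engine list.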
