
rundll32 not working



Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


  • 2 weeks later...

Dear KweezieWabbit,

Thank you very much for your advice. I downloaded Combofix 12 and the infection is gone! The message "Windows host process (Rundll32) has stopped working" no longer appears.

It looks like the Windows Vista program has been damaged a little. Every now and then something hangs. Yesterday it was difficult to start Word, and today the PC would not start and a Windows repair program ran automatically. It reported: "Root cause found: Unspecified changes to system configuration might have caused problem". Norton antivirus was then disabled and the message "repair in progress" appeared. Everything seems to be working again. My Norton 360 Premier Edition apparently does not provide adequate protection. Is it wise to run CCleaner every weekend? Each time it removes about 1.8 Mb.

Thank you very much. Kind regards,

Jacob

Here is the log file:

ComboFix 12-11-28.02 - Jacob 11/28/2012 17:10:51.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1791.937 [GMT1:00]

Gestart vanuit:c:\users\Jacob\Desktop\Desktop\ComboFix.exe

AV: Norton 360 Premier Edition *Disabled/Updated*{63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 Premier Edition *Disabled*{5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 Premier Edition *Disabled/Updated*{D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated*{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\BrowserCompanion

c:\program files\BrowserCompanion\blabbers-ch.crx

c:\program files\BrowserCompanion\blabbers-ff-full.xpi

c:\program files\BrowserCompanion\jsloader.dll

c:\program files\BrowserCompanion\logo.ico

c:\program files\BrowserCompanion\tdataprotocol.dll

c:\program files\BrowserCompanion\terms.lnk.url

c:\program files\BrowserCompanion\toolbar.dll

c:\program files\BrowserCompanion\uninstall.exe

c:\program files\BrowserCompanion\updatebhoWin32.dll

c:\program files\BrowserCompanion\updater.ini

c:\program files\BrowserCompanion\widgetserv.exe

c:\program files\CiscoConnect.E1000.1.3.11069.2.exe

c:\programdata\ntuser.dat

c:\windows\IsUn0413.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\roboot.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-28 to 2012-11-28 ))))))))))))))))))))))))))))))

.

.

2012-11-28 18:09 . 2012-11-28 18:18 -------- d-----w- c:\users\Jacob\AppData\Local\temp

2012-11-28 18:09 . 2012-11-28 18:09 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-11-28 18:09 . 2012-11-28 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-28 13:02 . 2012-11-28 13:02 -------- d-----w- c:\program files\Conduit

2012-11-28 13:02 . 2012-11-28 13:02 -------- d-----w- c:\users\Jacob\AppData\Local\Conduit

2012-11-28 13:02 . 2012-11-28 13:02 -------- d-----w- c:\program files\FileConverter_1.4

2012-11-27 08:45 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\WindowsDefender\Definition Updates\{3734B289-A279-4D38-B082-26C6AD1ADB3C}\mpengine.dll

2012-11-26 16:02 . 2012-11-26 16:02 -------- d-----w- c:\programdata\HEMA Fotoservice

2012-11-24 16:02 . 2012-11-24 16:02 -------- d-----w- c:\program files\CCleaner

2012-11-24 16:01 . 2012-11-28 15:58 -------- d-----w- c:\users\Jacob\AppData\Roaming\BrowserCompanion

2012-11-24 15:59 . 2012-11-24 15:59 -------- d-----w- c:\program files\Vittalia

2012-11-23 18:39 . 2012-11-23 18:39 -------- d-----w- c:\program files\Microsoft Silverlight

2012-11-20 10:18 . 2012-11-20 10:18 -------- d-----w- c:\users\Jacob\AppData\Roaming\Malwarebytes

2012-11-20 10:17 . 2012-11-20 10:17 -------- d-----w- c:\programdata\Malwarebytes

2012-11-20 10:17 . 2012-11-20 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-20 10:17 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-19 20:35 . 2012-11-19 20:35 388096 ----a-r- c:\users\Jacob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-19 20:35 . 2012-11-19 20:35 -------- d-----w- c:\program files\Trend Micro

2012-11-18 13:22 . 2012-11-26 19:15 -------- d-----w- c:\program files\Nero

2012-11-16 12:16 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-16 12:15 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-11-13 18:14 . 2012-11-14 00:49 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2012-11-12 12:04 . 2012-11-12 12:04 -------- d-----w- c:\users\Jacob\AppData\Roaming\PC Cleaners

2012-11-12 12:04 . 2012-11-12 12:03 4588344 ----a-w- c:\windows\uninst.exe

2012-11-12 12:04 . 2012-11-14 18:48 -------- d-----w- c:\users\Jacob\AppData\Roaming\PCPro

2012-11-12 12:04 . 2012-11-12 12:04 -------- d-----w- c:\programdata\PC1Data

2012-11-10 10:03 . 2012-11-13 18:17 -------- d-----w- c:\users\Jacob\AppData\Roaming\TuneUp Software

2012-11-10 10:01 . 2012-11-13 18:17 -------- d-----w- c:\programdata\TuneUp Software

2012-11-10 10:00 . 2012-11-14 00:49 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-11-09 17:22 . 2012-11-22 10:12 -------- d-----w- c:\users\Jacob\AppData\Roaming\Systweak

2012-11-09 13:24 . 2012-11-09 13:24 -------- d-----w- c:\users\Jacob\AppData\Roaming\DriverCure

2012-11-09 13:23 . 2012-11-09 13:23 -------- d-----w- c:\users\Jacob\AppData\Roaming\PC UnleashedOnline

2012-11-09 13:23 . 2012-11-12 11:29 -------- d-----w- c:\programdata\PC Unleashed Online

2012-11-09 11:24 . 2012-11-09 11:24 -------- d-----w- c:\users\Jacob\AppData\Local\ElevatedDiagnostics

2012-11-08 13:04 . 2012-11-08 13:04 -------- d-----w- c:\program files\USB_video_device

2012-11-08 13:04 . 2011-03-10 01:06 1038080 ----a-w- c:\windows\system32\drivers\emOEM.sys

2012-11-08 13:04 . 2011-03-10 01:05 608128 ----a-w- c:\windows\system32\drivers\emBDA.sys

2012-11-08 13:04 . 2011-03-06 18:37 81920 ----a-w- c:\windows\emMON.exe

2012-11-08 13:04 . 2011-03-06 18:19 114176 ----a-w- c:\windows\system32\emPRP.ax

2012-11-08 09:08 . 2012-05-31 11:25 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-11-07 17:11 . 2012-11-08 15:16 -------- d-----w- c:\users\Public\CyberLink

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-09 14:02 . 2012-04-12 09:14 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-09 14:02 . 2011-06-19 08:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 17:05 . 2012-10-09 17:05 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-09-13 13:28 . 2012-10-10 10:41 2048 ----a-w- c:\windows\system32\tzres.dll

2011-06-25 19:19 . 2011-06-25 19:22 22860592 ----a-w- c:\program files\CommonFiles\CiscoConnect.E1000.1.3.11069.2.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* legeverwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\URLSearchHooks]

"{296aa17d-c89e-4242-a5a4-44bfe76914a2}"="c:\program files\FileConverter_1.4\prxtbFile.dll" [2011-05-09176936]

.

[HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

.

[HKEY_LOCAL_MACHINE\~\Browser HelperObjects\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

2011-05-09 08:49 176936 ----a-w- c:\programfiles\FileConverter_1.4\prxtbFile.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\Toolbar]

"{296aa17d-c89e-4242-a5a4-44bfe76914a2}"="c:\program files\FileConverter_1.4\prxtbFile.dll" [2011-05-09176936]

.

[HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

.

[HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Toolbar\Webbrowser]

"{296AA17D-C89E-4242-A5A4-44BFE76914A2}"="c:\program files\FileConverter_1.4\prxtbFile.dll" [2011-05-09176936]

.

[HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe"[2008-01-19 125952]

"Device Detection"="c:\program files\HEMAFotoservice\dd.exe" [2012-10-26 801424]

"WMPNSCFG"="c:\program files\Windows MediaPlayer\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware AbstractionLayer"="KHALMNPR.EXE "[X]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-204493312]

"IntelliPoint"="c:\program files\MicrosoftIntelliPoint\ipoint.exe" [2009-11-05 1468256]

"EMET Notifier"="c:\programfiles\EMET\EMET_notifier.exe" [2012-05-09 152152]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe"[2001-07-09 155648]

.

c:\users\Jacob\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\

tcbhn.lnk -c:\users\Jacob\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-6-28 695448]

.

c:\programdata\Microsoft\Windows\StartMenu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\DigitalImaging\bin\hpqtra08.exe [2007-3-11 210520]

Logitech SetPoint.lnk - c:\programfiles\Logitech\SetPoint\SetPoint.exe [2012-3-1 692224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\PDFCON~1\24897~1.175\{16CDF~1\apmmngr.dll

"LoadAppInit_DLLs"=1 (0x1)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^StartMenu^Programs^Startup^Empowering Technology Launcher.lnk]

path=c:\programdata\Microsoft\Windows\StartMenu\Programs\Startup\Empowering Technology Launcher.lnk

backup=c:\windows\pss\Empowering TechnologyLauncher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^StartMenu^Programs^Startup^HP Setup.lnk]

path=c:\programdata\Microsoft\Windows\StartMenu\Programs\Startup\HP Setup.lnk

backup=c:\windows\pss\HP Setup.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\Acer Empowering Technology Monitor]

2007-07-31 14:25 326176 ----a-w- c:\acer\EmpoweringTechnology\SysMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\eDataSecurity Loader]

2007-04-25 14:33 457216 ----a-w- c:\acer\EmpoweringTechnology\eDataSecurity\eDSLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\PCMMediaSharing]

2007-06-21 16:33 204908 ----a-w- c:\programfiles\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\RtHDVCpl]

2007-06-20 08:56 4493312 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 10:35 90112 ----a-w- c:\programfiles\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\Symantec PIF AlertEng]

2008-01-29 16:38 583048 ----a-w- c:\programfiles\Common Files\SymantecShared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\WarReg_PopUp]

2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\programfiles\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files\HP\HPSoftware Update\HPWuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\securitycenter\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\securitycenter\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

S2 Acer HomeMedia Connect Service;Acer HomeMedia ConnectService;c:\program files\Acer Arcade Live\Acer HomeMediaConnect\Kernel\DMS\CLMSServer.exe [x]

S2 Acer TV Share Service;Acer TV Share Service;c:\programfiles\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\svchost]

HPZ12 REG_MULTI_SZ PmlDriver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de'Gedeelde Taken' map

.

2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe[2012-04-12 14:02]

.

.

------- Bijkomende Scan -------

.

uStart Page =hxxp://search.conduit.com?SearchSource=10&ctid=CT3241951

uSearchMigratedDefaultURL =hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = 88.159.60.32:80

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver -c:\windows\system32\GPhotos.scr/200

IE:E&xporteren naar Microsoft Excel -c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP:DhcpNameServer = 88.159.1.200 88.159.1.201

.

- - - - ORPHANSVERWIJDERD - - - -

.

Toolbar-10 - (no file)

HKU-Default-Run-Acer Tour Reminder -c:\acer\AcerTour\Reminder.exe

MSConfigStartUp-Acer Tour Reminder -c:\acer\AcerTour\Reminder.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\programfiles\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-Apanel - c:\acersw\config\SetApanel.cmd

MSConfigStartUp-ccApp - c:\program files\CommonFiles\Symantec Shared\ccApp.exe

MSConfigStartUp-HP CD-DVD - c:\program files\HPCD-DVD\Umbrella\hpcdtray.exe

MSConfigStartUp-osCheck - c:\program files\Norton InternetSecurity\osCheck.exe

AddRemove-BrowserCompanion - c:\programfiles\BrowserCompanion\uninstall.exe

AddRemove-KramersDeinstallKey - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malwaredetector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-11-28 19:17

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen vanverborgen processen ...

.

scannen vanverborgen autostart items ...

.

scannen vanverborgen bestanden ...

.

Scan succesvolafgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m\"c:\program files\Norton 360 PremierEdition\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"

.

---------------------VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2)(LocalSystem)

"Progid"="ACDSee 9.0.032"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ani"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.bay"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.bmp"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.bw"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.cr2"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.crw"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.cs1"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.cur"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.dcr"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.dcx"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.dib"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.djv"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.djvu"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.dng"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.emf"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.eps"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.erf"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.fff"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.fpx"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.gif"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.icl"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.icn"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ico"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.iff"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ilbm"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.int"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.inta"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.iw4"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.j2c"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.j2k"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jfif"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jif"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jp2"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpc"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2)(LocalSystem)

@Denied: (2)(S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee9.0.jpe"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2)(LocalSystem)

@Denied: (2)(S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee9.0.jpeg"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2)(S-1-5-21-428641130-2558392838-3062593855-1000)

@Denied: (2)(LocalSystem)

"Progid"="ACDSee9.0.jpg"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpk"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpx"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.lbm"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.mos"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.mrw"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.nef"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.orf"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pbm"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pcd"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pct"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pcx"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.pef"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pgm"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pic"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pict"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pix"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.png"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ppm"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.psd"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.psp"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.raf"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ras"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.raw"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.rgb"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.rgba"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.rle"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.rsb"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.sgi"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.sr2"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.srf"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.tga"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.thm"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.tif"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-428641130-2558392838-3062593855-1000)

"Progid"="ACDSee 9.0.tiff"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ttc"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ttf"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.v9o"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.v9p"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.v9pf"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.wbm"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.wbmp"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.wmf"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.xbm"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.xif"

.

[HKEY_USERS\S-1-5-21-428641130-2558392838-3062593855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.xpm"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Voltooingstijd: 2012-11-28 20:49:25

ComboFix-quarantined-files.txt 2012-11-28 19:47

.

Pre-Run: 128,915,255,296bytes beschikbaar

Post-Run:128,550,039,552 bytes beschikbaar

.

- - End Of File - - A5EF2E1ACC7F4793CB052BED62A90D79


I tried to send the following message, but the browser hiccupped. Once more:

When playing a video with Windows Media Player I still get the message "Windows host process rundll32 is not working"! The details:

Probleemhandtekening:

Gebeurtenisnaam van probleem: APPCRASH

Naam van de toepassing: RunDLL32.exe

Versie van toepassing: 6.0.6000.16386

Tijdstempel van toepassing: 4549b0e1

Naam van foutmodule: StackHash_1703

Versie van foutmodule: 0.0.0.0

Tijdstempel van foutmodule: 00000000

Uitzonderingscode: c0000005

Uitzonderingsmarge: 00e1a8ed

Versie van besturingssysteem: 6.0.6002.2.2.0.768.3

Landinstelling-id: 1033

Aanvullende informatie 1: 1703

Aanvullende informatie 2: 2264db07e74365624c50317d7b856ae9

Aanvullende informatie 3: 1344

Aanvullende informatie 4: 875fa2ef9d2bdca96466e8af55d1ae6e

So we are not there yet!

Jacob


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ tcbhn.lnk

Folder::

c:\program files\Conduit

c:\users\Jacob\AppData\Local\Conduit

c:\program files\FileConverter_1.4

c:\users\Jacob\AppData\Roaming\BrowserCompanion

c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{296aa17d-c89e-4242-a5a4-44bfe76914a2}]

DDS::

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3241951

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Restart the computer if you are asked to.

If you want to see this illustrated in detail, click here for the guide.

After the restart, post the contents of Combofix.txt in your next message.


  • 3 weeks later...

Dear Kape,

Many thanks for your advice of 16 December.

- Several times the PC would not start and Startup Repair was run.

- On there were unexpected shutdowns. “rundll32 has stopped working” still appears.

- The Nerovision component of Nero 12 now suddenly does start; Nero Express now cannot burn a CD.

Questions:

- I cannot manage to post the files (78 kB) on your website. Your server keeps throwing me off: it takes too long; I tried it on an HP laptop, which reported “Do you want to continue with this script? The browser will become very slow or close because of it”. On another PC it also took too long for your server. For the text of the files, see your mail to me of 12/23/2012/ 0900 pm.

- Shall I reprogram my PC? Then I would be rid of all infections, wouldn't I?

- Which antivirus scanners should I install then? Norton has now let an infection through.

Logs:

The logs in the mail are from:

- Crash on 16-12

- Unexpected shutdown

- When sending this reply the connection is bad

- Combofix with CFScript on 16-12

- Scan with malware dated 16-12

- Combofix with CFScript on 19-12

- Details for rundll32 not working

Kind regards

Jacob Wisse


Dear Kape,

the following error message may help:

Zie het einde van dit bericht voor meer informatie over het aanroepen

van JIT-foutopsporing (Just In Time) in plaats van dit dialoogvenster.

************** Tekst van uitzondering **************

System.ArgumentException: Besturingselementen die zijn gemaakt voor de ene thread kunnen niet het bovenliggende item zijn van een besturingselement op een andere thread.

bij System.Windows.Forms.Control.ControlCollection.Add(Control value)

bij WDSmartWare.Panels.HomePanel1.AddWdDevice(WDDevice device)

bij WDSmartWare.Panels.HomePanel1.AddWdDevices()

bij WDSmartWare.Panels.HomePanel1.CreateEcosystem()

bij WDSmartWare.Panels.HomePanel1.OnShown()

bij WDSmartWare.TabbedForm.OnShown(Object sender, EventArgs e)

bij System.Windows.Forms.Form.OnShown(EventArgs e)

bij System.Windows.Forms.Form.CallShownEvent()

bij System.Windows.Forms.Control.InvokeMarshaledCallbackDo(ThreadMethodEntry tme)

bij System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(Object obj)

bij System.Threading.ExecutionContext.runTryCode(Object userData)

bij System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)

bij System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)

bij System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

bij System.Windows.Forms.Control.InvokeMarshaledCallback(ThreadMethodEntry tme)

bij System.Windows.Forms.Control.InvokeMarshaledCallbacks()

************** Geladen assembly's **************

mscorlib

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4234 (VistaSP2GDR.050727-4200)

CodeBase:file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll

----------------------------------------

WDSmartWare

Assembly-versie:1.2.0.8

Win32-versie:1.2.0.8

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/WDSmartWare.exe

----------------------------------------

System.Windows.Forms

Assembly-versie: 2.0.0.0

Win32-versie: 2.0.50727.4228(VistaSP2GDR.050727-4200)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll

----------------------------------------

System

Assembly-versie: 2.0.0.0

Win32-versie: 2.0.50727.4234(VistaSP2GDR.050727-4200)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll

----------------------------------------

System.Drawing

Assembly-versie: 2.0.0.0

Win32-versie: 2.0.50727.4230(VistaSP2GDR.050727-4200)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll

----------------------------------------

mscorlib.resources

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4234 (VistaSP2GDR.050727-4200)

CodeBase:file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll

----------------------------------------

System.Drawing.resources

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4016 (NetFxQFE.050727-4000)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/System.Drawing.resources/2.0.0.0_nl_b03f5f7f11d50a3a/System.Drawing.resources.dll

----------------------------------------

Tanagra.DataClad

Assembly-versie:2.0.0.1

Win32-versie:2.0.0.1

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/Tanagra.DataClad.DLL

----------------------------------------

System.Xml

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4016 (NetFxQFE.050727-4000)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll

----------------------------------------

Tanagra.Utility

Assembly-versie:2.0.0.0

Win32-versie:2.0.0.0

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/Tanagra.Utility.DLL

----------------------------------------

System.Configuration

Assembly-versie: 2.0.0.0

Win32-versie:2.0.50727.4016 (NetFxQFE.050727-4000)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll

----------------------------------------

Memeo.API

Assembly-versie:1.0.0.0

Win32-versie:1.0.0.0

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/Memeo.API.DLL

----------------------------------------

XMLSettings

Assembly-versie:1.0.0.0

Win32-versie:1.0.0.0

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/XMLSettings.DLL

----------------------------------------

Microsoft.VisualBasic

Assembly-versie: 8.0.0.0

Win32-versie: 8.0.50727.4016(NetFxQFE.050727-4000)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll

----------------------------------------

System.Management

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4016 (NetFxQFE.050727-4000)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/System.Management/2.0.0.0__b03f5f7f11d50a3a/System.Management.dll

----------------------------------------

Tanagra.DataClad.DataAccess

Assembly-versie:2.0.0.1

Win32-versie:2.0.0.1

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/Tanagra.DataClad.DataAccess.DLL

----------------------------------------

System.Data

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4016 (NetFxQFE.050727-4000)

CodeBase:file:///C:/Windows/assembly/GAC_32/System.Data/2.0.0.0__b77a5c561934e089/System.Data.dll

----------------------------------------

System.Runtime.Remoting

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4016 (NetFxQFE.050727-4000)

CodeBase:file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll

----------------------------------------

Tanagra.BMU

Assembly-versie: 2.0.0.0

Win32-versie: 2.0.0.0

CodeBase: file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/Tanagra.BMU.DLL

----------------------------------------

System.ServiceProcess

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4016 (NetFxQFE.050727-4000)

CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.ServiceProcess/2.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll

----------------------------------------

Tanagra.Interop

Assembly-versie: 2.0.0.0

Win32-versie: 2.0.0.0

CodeBase: file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/Tanagra.Interop.DLL

----------------------------------------

SQLite.NET

Assembly-versie:0.22.0.0

Win32-versie:0.22.0.0

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/SQLite.NET.DLL

----------------------------------------

Tanagra.BMU.Providers.HardDiskBackupProvider

Assembly-versie:2.0.0.0

Win32-versie:2.0.0.0

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/providers/Tanagra.BMU.Providers.HardDiskBackupProvider.dll

----------------------------------------

Tanagra.BMU.Providers.FileCopyBackupProvider

Assembly-versie:2.0.0.0

Win32-versie:2.0.0.0

CodeBase:file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/providers/Tanagra.BMU.Providers.FileCopyBackupProvider.DLL

----------------------------------------

Tanagra.Third-party.Security

Assembly-versie:2.0.0.0

Win32-versie:2.0.0.0

CodeBase: file:///C:/Program%20Files/Western%20Digital/WD%20SmartWare/Front%20Parlor/Tanagra.Third-party.Security.DLL

----------------------------------------

System.Web

Assembly-versie: 2.0.0.0

Win32-versie: 2.0.50727.4223(VistaSP2GDR.050727-4200)

CodeBase:file:///C:/Windows/assembly/GAC_32/System.Web/2.0.0.0__b03f5f7f11d50a3a/System.Web.dll

----------------------------------------

zw5auya0

Assembly-versie: 1.2.0.8

Win32-versie: 2.0.50727.4234(VistaSP2GDR.050727-4200)

CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll

----------------------------------------

System.Windows.Forms.resources

Assembly-versie:2.0.0.0

Win32-versie:2.0.50727.4016 (NetFxQFE.050727-4000)

CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms.resources/2.0.0.0_nl_b77a5c561934e089/System.Windows.Forms.resources.dll

----------------------------------------

************** JIT-foutopsporing **************

Als u JIT-foutopsporing wilt inschakelen, moet in het configuratiebestand voor deze

toepassing of computer (machine.config) de waarde

jitDebugging in het gedeelte system.windows.forms zijn ingesteld.

De toepassing moet ook zijn gecompileerd terwijl foutopsporing

was ingeschakeld.

Bijvoorbeeld:

<configuration>

<system.windows.forms jitDebugging="true" />

</configuration>

Wanneer JIT-foutopsporing is ingeschakeld, worden onverwerkte uitzonderingen

naar het JIT-foutopsporingsprogramma gestuurd dat op de computer is geregistreerd
