Ga naar inhoud

hijackhislogje

misteragga
 Delen

Aanbevolen berichten

misteragga Veteraan

misteragga

Geplaatst:
  • Auteur
Geplaatst:

combofixlog.

ComboFix 12-12-28.01 - Brian 28-12-2012 12:13:53.14.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2636 [GMT 1:00]

Gestart vanuit: c:\users\Brian\Desktop\ComboFix.exe

AV: McAfee Antivirus en antispyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Antivirus en antispyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-28 ))))))))))))))))))))))))))))))

.

.

2012-12-28 11:18 . 2012-12-28 11:18 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-12-28 11:18 . 2012-12-28 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-21 00:27 . 2012-12-21 00:29 -------- d-----r- c:\users\Brian\SkyDrive

2012-12-21 00:27 . 2012-12-21 00:27 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive

2012-12-21 00:27 . 2012-12-21 00:27 -------- d-----w- c:\programdata\Microsoft SkyDrive

2012-12-20 19:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-20 19:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-20 19:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-20 19:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-19 23:07 . 2012-12-19 23:10 -------- d-----w- c:\program files\Recuva

2012-12-18 18:29 . 2012-12-18 18:30 -------- d-----w- c:\users\Brian\AppData\Roaming\BitComet

2012-12-18 18:25 . 2012-12-18 18:25 -------- d-----w- C:\Downloads

2012-12-17 18:00 . 2012-12-17 18:00 388096 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-12-17 18:00 . 2012-12-17 18:00 -------- d-----w- c:\program files (x86)\Trend Micro

2012-12-15 01:37 . 2012-12-15 01:37 -------- d-----w- c:\program files (x86)\Auslogics

2012-12-13 02:54 . 2012-12-13 02:54 -------- d-----w- c:\program files (x86)\ESET

2012-12-13 02:18 . 2012-12-13 02:18 -------- d-----w- c:\program files\Macrium

2012-12-13 02:16 . 2012-12-13 02:16 308200 ----a-w- c:\windows\system32\javaws.exe

2012-12-13 02:16 . 2012-12-13 02:16 188392 ----a-w- c:\windows\system32\javaw.exe

2012-12-13 02:16 . 2012-12-13 02:16 188392 ----a-w- c:\windows\system32\java.exe

2012-12-13 02:16 . 2012-12-13 02:16 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-12-13 02:16 . 2012-12-13 02:16 -------- d-----w- c:\program files\Java

2012-12-12 19:59 . 2012-12-12 19:59 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft

2012-12-12 19:59 . 2012-12-12 19:59 -------- d-----w- c:\program files (x86)\DVDVideoSoft

2012-12-12 00:58 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-12 00:58 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-12-12 00:58 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-12-12 00:56 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 00:56 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 00:56 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-10 18:12 . 2012-12-10 18:12 13504 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2012-12-10 18:11 . 2012-12-10 18:11 57024 ----a-w- c:\windows\system32\drivers\psmounterex.sys

2012-12-08 01:10 . 2012-12-08 01:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-05 21:36 . 2012-12-05 21:36 -------- d-----w- c:\programdata\{26D901A1-2540-4430-81DC-0317F01BD7BE}

2012-12-05 21:35 . 2012-12-05 21:36 -------- d-----w- c:\programdata\{B7FA0661-862B-4AE4-A12A-F08D226ED546}

2012-12-05 18:15 . 2012-12-05 18:16 -------- d-----w- c:\users\Brian\AppData\Roaming\Creative

2012-12-05 18:07 . 2012-12-05 18:07 -------- d-----w- c:\programdata\Creative

2012-12-05 18:07 . 2012-12-05 21:36 -------- d-----w- c:\program files (x86)\Creative

2012-11-29 01:11 . 2012-11-29 01:11 -------- d-----w- c:\program files\Soluto

2012-11-28 22:45 . 2012-11-28 22:45 -------- d-----w- C:\McAfee

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-14 15:49 . 2012-11-04 19:01 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-13 02:16 . 2012-09-14 16:51 959976 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-13 02:16 . 2012-09-14 16:51 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-12-13 02:13 . 2012-09-14 16:50 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-13 02:13 . 2012-09-14 16:50 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 00:59 . 2012-09-14 15:19 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-27 16:46 . 2012-11-26 20:34 82816 ----a-w- c:\users\Brian\AppData\Roaming\pcouffin.sys

2012-11-21 11:42 . 2012-09-20 22:47 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-11-10 23:57 . 2012-11-10 23:57 25216 ----a-w- c:\windows\system32\drivers\droidcam.sys

2012-11-09 05:40 . 2012-09-14 22:26 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 05:37 . 2012-06-22 05:38 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-11-09 05:37 . 2012-09-14 15:48 177680 ----a-w- c:\windows\system32\mfevtps.exe

2012-11-09 05:36 . 2012-09-14 22:26 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-11-09 05:36 . 2012-09-14 22:26 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-11-09 05:35 . 2012-06-22 05:36 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 05:34 . 2012-09-14 22:26 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 05:34 . 2012-09-14 22:26 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 05:33 . 2012-06-22 05:34 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-10-17 20:35 . 2012-10-17 20:35 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-17 20:35 . 2012-09-14 16:53 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-17 20:35 . 2012-09-14 16:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-16 08:38 . 2012-11-28 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-13 19:19 . 2012-10-13 19:19 574 ----a-w- C:\cleanup.bat

2012-10-09 18:17 . 2012-11-17 01:27 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-17 01:27 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-17 01:27 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-17 01:27 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 22:33 . 2012-10-04 22:33 53248 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-10-04 16:40 . 2012-12-12 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-17 01:27 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-17 01:27 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-17 01:27 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-17 01:27 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-17 01:27 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-17 01:27 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-17 01:27 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-17 01:27 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-17 01:27 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-17 01:27 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-17 01:27 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]

WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

"UacDisableNotify"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\test programma's\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]

R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2012-11-10 25216]

R3 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-14 1255736]

R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]

R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-09-22 56016]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-11-21 54728]

S2 MBAMScheduler;MBAMScheduler;c:\test programma's\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\test programma's\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-12-10 301760]

S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2012-11-21 182840]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-11-21 644152]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]

S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]

S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 02:13]

.

2012-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4085980671-1877415730-1580475011-1000Core.job

- c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 22:24]

.

2012-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4085980671-1877415730-1580475011-1000UA.job

- c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 22:24]

.

2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 16:29]

.

2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 16:29]

.

2012-12-26 c:\windows\Tasks\HPCeeScheduleForBRIAN-PC$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2012-12-20 c:\windows\Tasks\HPCeeScheduleForBrian.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]

"Soluto"="c:\program files\soluto\soluto.exe" [2012-11-21 1278008]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube Download - c:\users\Brian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Brian\Desktop\mbar\mbar.exe

Wow6432Node-HKLM-RunOnce-1 - c:\users\Brian\Desktop\mbam-chameleon.exe

AddRemove-Fences - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe

AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe

AddRemove-{D40EB009-0499-459c-A8AF-C9C110766215} - c:\program files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-4085980671-1877415730-1580475011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4085980671-1877415730-1580475011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

"v5Licence0"="15-BDQC-7UK5-EXJX-PX69-4H1M-NKYDU2H"

"Activated"="N"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-12-28 12:20:36

ComboFix-quarantined-files.txt 2012-12-28 11:20

.

Pre-Run: 1.438.312.701.952 bytes beschikbaar

Post-Run: 1.438.017.990.656 bytes beschikbaar

.

- - End Of File - - 040FC1CEAB796AF98D9944A1CAB90744

Link naar reactie
Delen op andere sites
  • Reacties 29
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Geplaatste afbeeldingen

kape Grootmeester

kape

Geplaatst:
Geplaatst:

Dit ziet er netjes uit.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall (met spatie voor de /).

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Indien dit allemaal probleemloos verlopen is, mag je hieronder op "markeer als opgelost" tokkelen !

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Dat is de setup van een Logitech Webcam. Lijkt op zich niet echt iets mis mee ... maar zou kunnen omdat er vanuit gegaan wordt dat de setup toch al heeft plaatsgevonden en het programma geïnstalleerd is. Maar is enkel een gokje ?

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall (met spatie voor de /).

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.