Explorer no longer responds


marietje

Download ComboFix from one of the locations below to the desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs; they may conflict with ComboFix.exe.

You can read (here or here) how to disable the security software you use.

  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Yes there.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are then extracted and a registry backup is made using ERUNT.
  • When this is done, ComboFix will start by itself; the blue screen shows the progress of the system scan being run.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


Here is the ComboFix log file:

ComboFix 14-01-16.03 - Administrator 19-01-2014 12:07:00.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1918.963 [GMT 1:00]

Gestart vanuit: c:\users\Administrator\Documents\installatiebestanden\ComboFix.exe

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-12-19 to 2014-01-19 ))))))))))))))))))))))))))))))

.

.

2014-01-19 11:14 . 2014-01-19 11:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2014-01-19 11:14 . 2014-01-19 11:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-01-19 11:14 . 2014-01-19 11:14 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp

2014-01-19 11:14 . 2014-01-19 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-14 15:15 . 2012-03-29 08:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-14 15:15 . 2011-07-06 13:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-11 11:41 . 2013-03-29 16:22 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-11-05 20:50 . 2013-11-05 20:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys

2013-11-04 20:57 . 2013-11-04 20:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-10-31 22:00 . 2013-10-31 22:00 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-10-31 21:30 . 2013-10-31 21:30 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-10-30 02:13 . 2013-12-12 18:40 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll

2013-10-30 02:12 . 2013-12-12 18:40 335360 ----a-w- c:\windows\system32\SysFxUI.dll

2013-10-30 01:43 . 2013-12-12 18:40 130048 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-10-30 00:43 . 2013-12-12 18:40 167936 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-10-30 00:35 . 2013-12-12 18:41 2050560 ----a-w- c:\windows\system32\win32k.sys

2013-10-25 08:25 . 2013-12-12 18:40 916992 ----a-w- c:\windows\system32\wininet.dll

2013-10-25 08:18 . 2013-12-12 18:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-10-25 08:18 . 2013-12-12 18:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-10-25 08:18 . 2013-12-12 18:40 71680 ----a-w- c:\windows\system32\iesetup.dll

2013-10-25 08:18 . 2013-12-12 18:40 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-10-25 08:16 . 2013-12-12 18:40 18944 ----a-w- c:\windows\system32\corpol.dll

2013-10-25 06:39 . 2013-12-12 18:40 385024 ----a-w- c:\windows\system32\html.iec

2013-10-25 04:55 . 2013-12-12 18:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2013-10-25 04:53 . 2013-12-12 18:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2013-10-24 21:28 . 2013-10-24 21:28 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-10-22 07:19 . 2013-12-12 18:40 158208 ----a-w- c:\windows\system32\imagehlp.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2014-01-08 19:01 3349528 ----a-w- c:\program files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll" [2014-01-08 3349528]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-01-08 2486296]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2007-05-15 14:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2007-01-29 19:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2007-01-29 19:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2007-05-15 14:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:15]

.

2014-01-18 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.telegraaf.nl/

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: buienradar.nl\www

Trusted Zone: ergogenics.org\www

Trusted Zone: google.com\support

Trusted Zone: nicetranslator.com\www

Trusted Zone: xxlnutrition.nl\www

Trusted Zone: youtube.com

Trusted Zone: youtube.com\www

TCP: DhcpNameServer = 192.168.1.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v2m2jxyr.default-1355060701559\

FF - prefs.js: browser.startup.homepage - hxxp://www.telegraaf.nl/

FF - ExtSQL: 2013-12-07 02:25; firefox@outobox.net; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v2m2jxyr.default-1355060701559\extensions\firefox@outobox.net.xpi

.

- - - - ORPHANS VERWIJDERD - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2014-01-19 12:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,11,

e2,69,9d,44,0a,a0,37,dc,a9,21,92,14,1a

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,fe,

a0,56,93,ba,55,a3,e1,4a,e0,c1,4e,f4,16

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,cb,

05,9e,b9,e9,06,ba,9a,b0,17,84,6a,fc,da

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:2a,f1,41,65,f7,e4,cd,01

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,f0,35,59,c1,29,74,4b,aa,29,06,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,c3,50,63,4c,72,f7,41,a9,ca,57,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,c3,50,63,4c,72,f7,41,a9,ca,57,\

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.avi"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\Winword.exe"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Microsoft Internet Mail Message"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M3U"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.URL"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Voltooingstijd: 2014-01-19 12:17:22

ComboFix-quarantined-files.txt 2014-01-19 11:17

.

Pre-Run: 18.872.225.792 bytes beschikbaar

Post-Run: 21.666.590.720 bytes beschikbaar

.

- - End Of File - - DDB8268101E6C7EDF48A01714F2E359B

5C616939100B85E558DA92B899A0FC36

Hopefully you can find something in it.


Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.

Disable all antivirus and antispyware programs, as they can conflict with ComboFix.

You can read (here or here) how to disable the security software you use.

Open a new, empty Notepad window, then copy and paste the following code into it.

 
 Registry::
 [-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 [-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
 [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
 [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

[Image: CFScript.gif]

ComboFix will now start automatically.

Restart if asked to, and post the contents of Combofix.txt in your next reply.

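Added example, not part of the original thread: one way to check that the keys listed under `Registry::` in the CFScript above no longer appear in the follow-up ComboFix.txt. The log excerpts are constructed from lines of the two logs in this thread, and the function names are hypothetical.

```python
import re

# Constructed inputs: the CFScript from the post above, plus short excerpts
# taken from the two ComboFix.txt logs posted in this thread.
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
"""

LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-01-08 19:01 3349528 ----a-w- c:\program files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll" [2014-01-08 3349528]
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-01-08 2486296]
"""

LOG_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-01-08 2486296]
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
"""

SECTION = re.compile(r"^(\w+)::\s*$")            # e.g. "Registry::"
KEY = re.compile(r"^\[(-?)(HK[^\]]+)\]\s*$")     # "[KEY]" or "[-KEY]"


def keys_to_delete(cfscript):
    """Return the keys marked for deletion ([-KEY]) under Registry::."""
    section, keys = None, []
    for raw in cfscript.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            section = sec.group(1).lower()
            continue
        key = KEY.match(line)
        if key and section == "registry" and key.group(1) == "-":
            keys.append(key.group(2))
    return keys


def keys_in_log(log):
    """Return the registry key headers shown in a log, lower-cased
    (registry key names are case-insensitive)."""
    found = set()
    for raw in log.splitlines():
        key = KEY.match(raw.strip())
        if key and not key.group(1):
            found.add(key.group(2).lower())
    return found


def check_removal(cfscript, log):
    """Map each key from the script to True if it is absent from the log.
    Absence from the log is all this checks; the log itself states that
    empty and legitimate default entries are not shown."""
    present = keys_in_log(log)
    return {k: k.lower() not in present for k in keys_to_delete(cfscript)}


def lines_mentioning(log, marker):
    """Return log lines that still contain `marker` (case-insensitive),
    so entries the script did not cover stand out for follow-up."""
    needle = marker.lower()
    return [l for l in log.splitlines() if needle in l.lower()]


if __name__ == "__main__":
    for key, gone in check_removal(CFSCRIPT, LOG_AFTER).items():
        print("removed" if gone else "STILL PRESENT", key)
    for line in lines_mentioning(LOG_AFTER, "AVG Secure Search"):
        print("still referenced:", line)
```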

Here is the new ComboFix log file.

By the way: I only happened to check the site to see whether there was a reply, because I no longer get e-mail notifications for this. Before, I got an e-mail notification for every reply, but that's beside the point.

ComboFix 14-01-16.03 - Administrator 19-01-2014 17:42:26.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1918.1076 [GMT 1:00]

Gestart vanuit: c:\users\Administrator\Documents\installatiebestanden\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Administrator\Desktop\CFScript.txt

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ADMINI~1\AppData\Local\Temp\ppcrlui_5668_2

c:\users\Administrator\AppData\Local\Temp\ppcrlui_5668_2

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-12-19 to 2014-01-19 ))))))))))))))))))))))))))))))

.

.

2014-01-19 16:50 . 2014-01-19 16:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2014-01-19 16:50 . 2014-01-19 16:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-01-19 16:50 . 2014-01-19 16:50 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp

2014-01-19 16:50 . 2014-01-19 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-14 15:15 . 2012-03-29 08:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-14 15:15 . 2011-07-06 13:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-11 11:41 . 2013-03-29 16:22 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-11-05 20:50 . 2013-11-05 20:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys

2013-11-04 20:57 . 2013-11-04 20:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-10-31 22:00 . 2013-10-31 22:00 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-10-31 21:30 . 2013-10-31 21:30 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-10-30 02:13 . 2013-12-12 18:40 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll

2013-10-30 02:12 . 2013-12-12 18:40 335360 ----a-w- c:\windows\system32\SysFxUI.dll

2013-10-30 01:43 . 2013-12-12 18:40 130048 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-10-30 00:43 . 2013-12-12 18:40 167936 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-10-30 00:35 . 2013-12-12 18:41 2050560 ----a-w- c:\windows\system32\win32k.sys

2013-10-25 08:25 . 2013-12-12 18:40 916992 ----a-w- c:\windows\system32\wininet.dll

2013-10-25 08:18 . 2013-12-12 18:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-10-25 08:18 . 2013-12-12 18:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-10-25 08:18 . 2013-12-12 18:40 71680 ----a-w- c:\windows\system32\iesetup.dll

2013-10-25 08:18 . 2013-12-12 18:40 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-10-25 08:16 . 2013-12-12 18:40 18944 ----a-w- c:\windows\system32\corpol.dll

2013-10-25 06:39 . 2013-12-12 18:40 385024 ----a-w- c:\windows\system32\html.iec

2013-10-25 04:55 . 2013-12-12 18:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2013-10-25 04:53 . 2013-12-12 18:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2013-10-24 21:28 . 2013-10-24 21:28 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-10-22 07:19 . 2013-12-12 18:40 158208 ----a-w- c:\windows\system32\imagehlp.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-01-08 2486296]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2007-05-15 14:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2007-01-29 19:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2007-01-29 19:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2007-05-15 14:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:15]

.

2014-01-19 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.telegraaf.nl/

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: buienradar.nl\www

Trusted Zone: ergogenics.org\www

Trusted Zone: google.com\support

Trusted Zone: nicetranslator.com\www

Trusted Zone: xxlnutrition.nl\www

Trusted Zone: youtube.com

Trusted Zone: youtube.com\www

TCP: DhcpNameServer = 192.168.1.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v2m2jxyr.default-1355060701559\

FF - prefs.js: browser.startup.homepage - hxxp://www.telegraaf.nl/

FF - ExtSQL: 2013-12-07 02:25; firefox@outobox.net; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v2m2jxyr.default-1355060701559\extensions\firefox@outobox.net.xpi

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2014-01-19 17:51

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,11,

e2,69,9d,44,0a,a0,37,dc,a9,21,92,14,1a

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,fe,

a0,56,93,ba,55,a3,e1,4a,e0,c1,4e,f4,16

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,cb,

05,9e,b9,e9,06,ba,9a,b0,17,84,6a,fc,da

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:2a,f1,41,65,f7,e4,cd,01

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,f0,35,59,c1,29,74,4b,aa,29,06,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,c3,50,63,4c,72,f7,41,a9,ca,57,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,c3,50,63,4c,72,f7,41,a9,ca,57,\

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.avi"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\Winword.exe"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Microsoft Internet Mail Message"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M3U"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.URL"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1644259378-8745043-3951940847-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Voltooingstijd: 2014-01-19 17:53:01

ComboFix-quarantined-files.txt 2014-01-19 16:52

ComboFix2.txt 2014-01-19 11:17

.

Pre-Run: 20.104.884.224 bytes beschikbaar

Post-Run: 20.218.216.448 bytes beschikbaar

.

- - End Of File - - 6AFACBC7637A0192BA47A45C0C2D2D06

5C616939100B85E558DA92B899A0FC36


I will have to wait and see, since I never know in advance when it is going to give up.

My question is really whether the registry values that I had to paste into ComboFix for a new scan are the culprits.

You had clearly isolated something from the file.

Can you explain to me why you chose these values? Are they suspicious?

Anyway, perhaps you would be willing to explain this to me; I like to know why I am doing something.

Last year I had IE9, which I did not like very much. Rather stripped down in use, as far as the toolbars etc. are concerned. I had a terrible time getting used to it.

So I went back to IE8.

Maybe I will switch to Firefox completely!

I hope you can answer my question; after that, it seems to me the topic can be closed.

As I said, it is a matter of waiting and seeing anyway.


What we removed with Combofix is the (dubious) AVG Toolbar, nothing more.

You can now go ahead and remove all the tools that were used:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.
