pauwhoven

11 maart 2012

Kreeg combofix moeilijk opgestart.

Eerst wilde het slepen van kladblok niet lukken.

ComboFix 12-03-04.02 - Wilma 11-03-2012 10:43:26.7.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4504 [GMT 1:00]

Gestart vanuit: d:\gebruikers\Wilma\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\gebruikers\Wilma\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-11 to 2012-03-11 ))))))))))))))))))))))))))))))

.

2012-03-11 09:44 . 2012-03-11 09:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-11 08:47 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E506373-FD9D-498A-A0BB-7CCDE1BD153E}\mpengine.dll

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\users\Wilma\AppData\Roaming\Malwarebytes

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\programdata\Malwarebytes

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-05 20:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-04 22:22 . 2012-03-04 22:22 -------- d-----w- c:\users\Wilma\AppData\Roaming\NeroDigital

2012-02-26 20:19 . 2012-03-02 12:20 -------- d-----w- c:\programdata\boost_interprocess

2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\programdata\UAB

2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\users\Wilma\AppData\Local\PC_Drivers_Headquarters

2012-02-26 18:17 . 2012-02-26 18:17 -------- d-----w- c:\program files (x86)\Driver Whiz

2012-02-25 10:24 . 2011-07-13 12:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys

2012-02-25 10:24 . 2011-07-13 12:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys

2012-02-25 10:23 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-02-24 11:00 . 2012-02-24 11:00 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-24 11:00 . 2012-02-24 11:00 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-02-24 10:30 . 2012-02-16 15:12 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll

2012-02-23 14:31 . 2012-02-16 15:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-02-23 14:31 . 2012-02-16 10:41 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-02-23 14:31 . 2012-02-16 10:41 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-02-23 14:31 . 2012-02-16 10:41 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-02-16 08:49 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 08:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-16 08:49 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 08:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-16 08:49 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 08:49 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-16 08:49 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 08:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 11:00 . 2010-06-13 11:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-24 10:27 . 2012-01-09 09:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-16 12:01 . 2010-06-13 11:23 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-10 09:31 . 2012-02-10 09:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A29FD7B2-02AD-414C-A482-4CA68456EBB4}\gapaengine.dll

2012-02-08 07:13 . 2011-06-16 07:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 12:44 . 2010-06-01 16:20 279656 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-03-06_12.38.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-03 08:16 . 2012-03-11 09:47 56982 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-11 09:47 32316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-06-01 16:33 . 2012-03-11 09:47 12578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198332262-1327379940-2121351170-1001_UserData.bin

- 2010-06-01 16:02 . 2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-01 16:02 . 2012-03-10 15:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-06-01 16:02 . 2012-03-06 08:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-06-01 16:02 . 2012-03-10 15:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-10 15:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-11 09:45 . 2012-03-11 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-11 09:45 . 2012-03-11 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 09:16 . 2012-03-06 07:31 706604 c:\windows\system32\perfh013.dat

+ 2009-07-14 09:16 . 2012-03-11 08:41 706604 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-03-06 07:31 621036 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-11 08:41 621036 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2012-03-11 08:41 135626 c:\windows\system32\perfc013.dat

- 2009-07-14 09:16 . 2012-03-06 07:31 135626 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-03-11 08:41 108256 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-03-06 07:31 108256 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-03-11 09:44 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-06 12:36 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-05 23:58 . 2012-03-09 04:43 1440732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-12288.dat

+ 2010-07-14 22:44 . 2012-03-11 09:44 28937832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat

+ 2011-06-27 22:26 . 2012-03-11 09:44 26418768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-07-15 1485096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Camera Monitor HD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-8-30 541976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]

R2 nlsX86cc;Nalpeiron Licensing Service; [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2010-06-13 44088]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-10 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-01 10:18]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001Core.job

- c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001UA.job

- c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45]

.

2012-03-11 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-07 08:26]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\SYSTEM32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: microsoft.com\oas.support

Trusted Zone: microsoft.com\support

Trusted Zone: nero.com

TCP: DhcpNameServer = 192.168.2.254

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitasuperfiles');

user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '2');

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

.

**************************************************************************

.

Voltooingstijd: 2012-03-11 10:51:53 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-11 09:51

ComboFix2.txt 2012-03-10 09:11

ComboFix3.txt 2012-03-08 11:35

ComboFix4.txt 2012-03-06 18:10

ComboFix5.txt 2012-03-11 09:42

.

Pre-Run: 19.861.708.800 bytes beschikbaar

Post-Run: 19.909.300.224 bytes beschikbaar

.

- - End Of File - - 7ADA361EC0C0A585589A0468A934B6AA

Krijg dit bericht als combofix wordt opgestart.

10 maart 2012

Hallo, Ik kan CFScript.txt nergens vinden.

Als ik dit in mijn verkenner typ geeft hij aan dat het gewijzigd of verplaats is.

Maar ik heb dit zelf niet gedaan.

Wat nu.

Groetjes Wilma

10 maart 2012

het is inderdaad nog niet weg

kijk maar

10 maart 2012

ComboFix 12-03-04.02 - Wilma 10-03-2012 10:03:02.6.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4553 [GMT 1:00]

Gestart vanuit: d:\gebruikers\Wilma\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-10 to 2012-03-10 ))))))))))))))))))))))))))))))

.

2012-03-10 09:04 . 2012-03-10 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-09 11:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4383741B-6F50-409C-B79D-454CA86EC479}\mpengine.dll