
Baracudaz
All content posted by Baracudaz
W32/Patched.UA and TR/ATRAPS.GEN
Baracudaz replied to Baracudaz's topic in Archive: Malware & Virus Removal
My firewall and Windows Update are working again, thank you for your help.
W32/Patched.UA and TR/ATRAPS.GEN
Baracudaz replied to Baracudaz's topic in Archive: Malware & Virus Removal
My firewall and Windows Update are now working again, thanks in advance for that, and I no longer get any alerts from Avira. What should I do next?
W32/Patched.UA and TR/ATRAPS.GEN
Baracudaz posted a topic in Archive: Malware & Virus Removal
Hello, I was away from my PC for a while and only saw this morning that my PC was infected with these 3 different kinds of viruses: W32/Patched.UA, TR/ATRAPS.Gen, TR/ATRAPS.Gen 2. I immediately ran a virus scan with Avira and found out that services.exe in C:\Windows\System32 had already been infected with this virus for some time. However, I don't know how to fix this, and I have also found that Windows Firewall and Windows Update both no longer work: Windows Firewall gives error code 0x8007042c, and Windows Update says that the services are not available and that I have to restart the computer. In any case, Avira (free version) now keeps reporting W32/Patched.UA to me continuously, and moving it to quarantine does not work... I have Windows 7 Home Premium with a 64-bit operating system and I hope someone can help me solve this problem.
