zwieper

2 januari 2013

Ik had de 2e pagina niet gezien, vandaag dat het eerste deel van bovenstaand bericht wat in herhaling valt dus mag genegeert worden.

Wat de hare schijf betreft vermoed ik dat ze voor de vuilbak is...

1 januari 2013

ik heb de scan uitgevoerd maar per ongeluk het logje verwijderd. Er was 1 bestand besmet hetgeen ook verwijderd werd...

Nu is bij het opstarten vandaag de laptop terug vastgelopen. De kleur van de takenbalk verandert dan van donker blauw naar licht blauw en hij vindt dan geen netwerken zijn. Wanneer ik dit probeer op te lossen, loopt hij steeds vast. Meestal moet ik enkele minuten wachten en lost het problem zichzelf op.

Nu kreeg ik tevens daarnet de melding dat er een probleem is met mijn harde schijf en dat in onmiddellijk een backup moet maken. Ik kreeg volgende melding;

31 december 2012

zo. Ik ben erin geeslaagd het logje te verwijderen (lomp, Ik weet het) van mijn laptop. Ik kan alleen zeggen dat het programma bijna 4 uur heeft gescand en 1 bestand heeft gevonden en erna ook verwijderd.

Laptop startte vandaag vlot op. Ik ga het nog even in het midden laten of de problemen van de baan zijn tot ik hem nog enkele keren heb opgestart.

29 december 2012

Vandaag de laptop opgestart. hij heeft 10 minuten het zwarte opstartscherm met windowslogo weergegeven met de vermelding "windows starten". Dit zou maar 10 seconden mogen duren . Ik heb mij vervolgens kunnen inloggen maar heb ik nog eens een kwartier nodig gehad om de internetexplorer te openen omdat hij voortdurend vastliep. Voor de laptop besmet was met het politievirus deed hij dit allemaal niet.

28 december 2012

De meeste vastlopers gebeuren bij de opstart of kort erna. Ik heb met opzet mijn laptop niet meer uitgeschakeld tijdens de laatste 3 dagen omdat ik schrik had hem anders niet meer opgestart te krijgen. Ik heb hem zonet heropgestart. Dit ging moeizaam maar ok. Het zal uit de volgende dagen moeten blijken of hij nog vastloopt. Ik laat dan wel nader bericht.

Alvast bedankt voor de hulp zover.

27 december 2012

ComboFix 12-12-27.03 - Stephanie 28/12/2012 0:02.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4023.2107 [GMT 1:00]

Gestart vanuit: c:\users\Stephanie\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Stephanie\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\cc_20121031_165609.reg"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\cc_20121031_165609.reg

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-27 to 2012-12-27 ))))))))))))))))))))))))))))))

.

2012-12-27 23:08 . 2012-12-27 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-27 13:55 . 2012-12-27 13:55 -------- d-----w- c:\users\Stephanie\AppData\Roaming\TuneUp Software

2012-12-27 13:53 . 2012-12-27 13:56 -------- d-----w- c:\programdata\AVG2013

2012-12-27 13:51 . 2012-12-27 13:51 -------- d-----w- c:\users\Stephanie\AppData\Local\MFAData

2012-12-27 13:51 . 2012-12-27 13:51 -------- d-----w- c:\users\Stephanie\AppData\Local\Avg2013

2012-12-26 15:42 . 2012-12-26 15:42 388096 ----a-r- c:\users\Stephanie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-12-22 10:36 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 10:36 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 10:36 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 10:36 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-22 09:36 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-22 09:35 . 2012-12-22 09:35 -------- d-----w- c:\program files\iPod

2012-12-22 09:35 . 2012-12-22 09:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-22 09:35 . 2012-12-22 09:35 -------- d-----w- c:\program files\iTunes

2012-12-22 09:35 . 2012-12-22 09:35 -------- d-----w- c:\program files (x86)\iTunes

2012-12-22 09:29 . 2012-12-22 09:30 -------- d-----w- c:\program files\Bonjour

2012-12-22 09:29 . 2012-12-22 09:30 -------- d-----w- c:\program files (x86)\Bonjour

2012-12-13 13:56 . 2012-12-13 13:56 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-12-13 10:06 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-13 10:06 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-13 10:06 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-28 10:45 . 2012-11-28 10:46 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Vso

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-13 21:38 . 2012-06-18 07:48 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-13 10:34 . 2012-04-08 08:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-13 10:34 . 2012-04-08 08:58 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-12 03:47 . 2012-11-12 03:47 312160 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-11-08 16:31 . 2012-09-04 14:27 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-11-01 17:02 . 2012-11-01 17:02 36520 ----a-w- c:\windows\system32\drivers\amdkmpfd.sys

2012-11-01 16:42 . 2012-11-01 16:42 31040 ----a-w- c:\windows\system32\nvhdap64.dll

2012-11-01 16:42 . 2012-11-01 16:42 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-11-01 16:42 . 2012-11-01 16:42 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-17 01:31 . 2012-10-31 14:54 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85E46C08-9B9D-4486-9E11-2F88F0ADB4B9}\mpengine.dll

2012-10-16 08:38 . 2012-11-28 10:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 10:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 10:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 11:29 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 18:17 . 2012-11-15 11:29 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 11:29 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 11:29 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-04 16:40 . 2012-12-13 10:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-15 11:29 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-15 11:29 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-15 11:29 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-15 11:29 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-15 11:29 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-15 11:29 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-15 11:29 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-15 11:29 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-15 11:29 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-15 11:29 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-15 11:29 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-29 18:54 . 2012-09-19 11:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-11-08 16:31 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-03-05 928096]

"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]

R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]

S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2012-11-01 36520]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]

S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - AVGLOGA

*NewlyCreated* - AVGMFX64

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 11:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 10:34]

.

2012-12-27 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-10-31 11:51]

.

2012-11-29 c:\windows\Tasks\HPCeeScheduleForStephanie.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]

.

2012-12-27 c:\windows\Tasks\powersuite_monitor.job

- c:\program files (x86)\Uniblue\Powersuite\powersuite_monitor.exe [2012-11-01 16:54]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-28 16395880]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Stephanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

DPF: {79DA2FED-7618-4A84-8E79-35FDC3CA61B5} - hxxp://c212729.r29.cf1.rackcdn.com/CamSpaceActiveX219.cab

FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\j91cao8n.default\

FF - ExtSQL: 2012-10-31 16:59; {2d8d9acc-f6d7-4362-8876-a275ca929591}; c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\j91cao8n.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{A057A204-BACC-4D26-9990-79A187E2698E}"=hex:51,66,7a,6c,4c,1d,38,12,6a,a1,44,

a4,fe,f4,48,08,e6,86,3a,e1,82,bc,2d,9a

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ae,e1,28,93,2d,26,cd,01

.

[HKEY_USERS\S-1-5-21-2813474692-1284491668-1785316490-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8E27828-307C-8B62-6631-43A27B9F5A04}*]

"oabonglmidnfomffolpgidhmnfmikd"=hex:61,69,68,6b,63,64,66,68,68,67,6b,61,69,6e,

6d,66,61,6d,6f,61,6f,6c,68,63,6d,68,62,6c,67,6d,6a,6e,66,69,6e,64,6b,6a,62,\

"iagnfioneajepdaeij"=hex:69,61,61,70,6d,67,69,69,64,6d,64,62,68,67,68,65,6f,62,

00,00

"hammhdbecjhdbbio"=hex:69,61,61,70,6d,67,69,69,64,6d,64,62,68,67,68,65,6f,62,

00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-12-28 00:11:30

ComboFix-quarantined-files.txt 2012-12-27 23:11

ComboFix2.txt 2012-12-27 14:18

.

Pre-Run: 282.121.920.512 bytes beschikbaar

Post-Run: 281.866.289.152 bytes beschikbaar

.

- - End Of File - - 47EB373EB6C574760B330DF92A6E8339

27 december 2012

Bedankt voor de reactie

ComboFix 12-12-27.02 - Stephanie 27/12/2012 15:07:05.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4023.2159 [GMT 1:00]

Gestart vanuit: c:\users\Stephanie\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Stephanie\AppData\Roaming\vso_ts_preview.xml

c:\windows\security\Database\tmp.edb

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-27 to 2012-12-27 ))))))))))))))))))))))))))))))

.

2012-12-27 14:14 . 2012-12-27 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp