sommige linken werken niet

pauwhoven · 6 maart 2012

ComboFix 12-03-04.02 - Wilma 06-03-2012 14:05:00.3.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4484 [GMT 1:00]

Gestart vanuit: d:\gebruikers\Wilma\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-06 to 2012-03-06 ))))))))))))))))))))))))))))))

.

2012-03-06 13:09 . 2012-03-06 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-06 13:03 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A962B36-4716-4840-8FD8-32362FB6BBC2}\mpengine.dll

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\users\Wilma\AppData\Roaming\Malwarebytes

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\programdata\Malwarebytes

2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-05 20:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-04 22:22 . 2012-03-04 22:22 -------- d-----w- c:\users\Wilma\AppData\Roaming\NeroDigital

2012-02-26 20:19 . 2012-03-02 12:20 -------- d-----w- c:\programdata\boost_interprocess

2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\programdata\UAB

2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\users\Wilma\AppData\Local\PC_Drivers_Headquarters

2012-02-26 18:17 . 2012-02-26 18:17 -------- d-----w- c:\program files (x86)\Driver Whiz

2012-02-25 10:24 . 2011-07-13 12:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys

2012-02-25 10:24 . 2011-07-13 12:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys

2012-02-25 10:23 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2012-02-25 10:23 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-02-24 11:00 . 2012-02-24 11:00 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-24 11:00 . 2012-02-24 11:00 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-02-24 10:30 . 2012-02-16 15:12 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll

2012-02-24 10:29 . 2012-03-06 10:30 -------- d-----w- c:\program files (x86)\DealPly

2012-02-23 14:31 . 2012-02-16 15:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-02-23 14:31 . 2012-02-16 10:41 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-02-23 14:31 . 2012-02-16 10:41 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-02-23 14:31 . 2012-02-16 10:41 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-02-16 08:49 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 08:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-16 08:49 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 08:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-16 08:49 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 08:49 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-16 08:49 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 08:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-10 09:31 . 2012-02-10 09:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A29FD7B2-02AD-414C-A482-4CA68456EBB4}\gapaengine.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 11:00 . 2010-06-13 11:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-24 10:27 . 2012-01-09 09:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-16 12:01 . 2010-06-13 11:23 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-08 07:13 . 2011-06-16 07:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 12:44 . 2010-06-01 16:20 279656 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-03-06_12.38.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-03 08:16 . 2012-03-06 13:12 56184 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-06 13:12 32244 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-06-01 16:33 . 2012-03-06 12:51 12450 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198332262-1327379940-2121351170-1001_UserData.bin

- 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-06 13:10 . 2012-03-06 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-06 13:10 . 2012-03-06 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 09:16 . 2012-03-06 12:54 706604 c:\windows\system32\perfh013.dat

- 2009-07-14 09:16 . 2012-03-06 07:31 706604 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-03-06 07:31 621036 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-06 12:54 621036 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2012-03-06 12:54 135626 c:\windows\system32\perfc013.dat

- 2009-07-14 09:16 . 2012-03-06 07:31 135626 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-03-06 12:54 108256 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-03-06 07:31 108256 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-03-06 13:09 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-06 12:36 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-07-14 22:44 . 2012-03-06 13:09 28853600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat

- 2010-07-14 22:44 . 2012-03-06 12:36 28853600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat

+ 2011-06-27 22:26 . 2012-03-06 13:09 26197962 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat

- 2011-06-27 22:26 . 2012-03-06 12:36 26197962 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-07-15 1485096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Camera Monitor HD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-8-30 541976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]

R2 nlsX86cc;Nalpeiron Licensing Service; [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2010-06-13 44088]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-01 10:18]

.

2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48]

.

2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48]

.

2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001Core.job

- c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45]

.

2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001UA.job

- c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45]

.

2012-03-06 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-07 08:26]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\SYSTEM32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: microsoft.com\oas.support

Trusted Zone: microsoft.com\support

Trusted Zone: nero.com

TCP: DhcpNameServer = 192.168.2.254

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&sr=0&q=

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitasuperfiles');

user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '2');

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

.

**************************************************************************

.

Voltooingstijd: 2012-03-06 14:16:23 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-06 13:16

ComboFix2.txt 2012-03-06 12:44

.

Pre-Run: 19.728.195.584 bytes beschikbaar

Post-Run: 19.429.404.672 bytes beschikbaar

.

- - End Of File - - 4260D9800F1CB0C3C78297D8718C08E5

Dag kweezie Wabbit

Ik ben me rot geschrokken, het programma ging geheel zijn eigen weg, er werd niet gvraagd om de computer opnieuw op te starten.

Het starte vanzelf opnieuw op, ik kon het logboek niet verzenden naar jullie toe.

Kon geen verbinding meer krijgen en ook geen verbinding meer maken met internet.

Ik heb toen de computer opnieuw opgestart en het programma opnieuw laten uitvoeren.

Dit is in feite het 2e log bestand.

Ik laat jullie dit even weten voordat een ander er zich er een ongeluk van schrikt.

Tot nu toe heb ik niet het idee dat er iets niet meer goed werkt.

Tot zover dit bericht.

Groetjes Wilma

PS.Was mijn computer dan besmet?

kweezie wabbit · 6 maart 2012

Er zit inderdaad een en ander op je pc dat er niet thuishoort maar we zijn goed op weg om dit allemaal op te ruimen.

Open een nieuw kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

C:\Program Files (x86)\Windows Searchqu Toolbar

Firefox::

FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&sr=0&q=

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitasuperfiles');

user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '2');

Sla dit bestand op je bureaublad op als CFScript

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw hijackthis logje.

pauwhoven · 6 maart 2012

ComboFix 12-03-04.02 - Wilma 06-03-2012 18:58:51.4.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4365 [GMT 1:00]

Gestart vanuit: d:\gebruikers\Wilma\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\gebruikers\Wilma\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-06 to 2012-03-06 ))))))))))))))))))))))))))))))

.

2012-03-06 18:02 . 2012-03-06 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp