claro search


Strictly speaking, Norton and Malwarebytes should not cause any problems. They should be able to work together perfectly, since they are two different kinds of programs. What problems did you have with them?

I myself had problems with a game that wouldn't run, and someone else here could no longer get on the internet. Those were two programs that XS4all recommended to us at the time in connection with viruses and the like: Malwarebytes and, I believe, alaware. It took a lot of effort to remove all traces, that's why.

Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400

www.malwarebytes.org

Databaseversie: v2012.09.11.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Eigenaar :: EIGENAAR-PC [administrator]

Realtime bescherming: Ingeschakeld

11-9-2012 20:47:14

mbam-log-2012-09-11 (20-47-14).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 299600

Verstreken tijd: 5 minuut/minuten, 47 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 1

HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the Combofix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

ComboFix 12-09-12.02 - Eigenaar 12-09-2012 11:39:52.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4076.2270 [GMT 2:00]

Gestart vanuit: c:\users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VBL7B63Y\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\DealPly

c:\program files (x86)\DealPly\DealPly.crx

c:\program files (x86)\DealPly\DealPlyIE.dll

c:\program files (x86)\DealPly\DealPlyTune.dll

c:\program files (x86)\DealPly\DealPlyUpdate.exe

c:\program files (x86)\DealPly\DealPlyUpdate.log

c:\program files (x86)\DealPly\DealPlyUpdateRun.exe

c:\program files (x86)\DealPly\icon.ico

c:\program files (x86)\DealPly\uninst.exe

c:\users\Eigenaar\AppData\Roaming\PriceGong

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\1.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\371.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\a.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\b.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\c.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\d.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\e.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\f.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\g.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\h.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\i.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\j.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\k.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\l.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\m.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\mru.xml

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\n.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\o.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\p.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\q.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\r.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\s.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\t.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\u.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\v.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\w.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\wlu.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\x.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\y.txt

c:\users\Eigenaar\AppData\Roaming\PriceGong\Data\z.txt

c:\windows\SysWow64\10561057

c:\windows\SysWow64\10561058

c:\windows\SysWow64\10561059

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-12 to 2012-09-12 ))))))))))))))))))))))))))))))

.

.

2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC\AppData\Local\temp

2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.002\AppData\Local\temp

2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.001\AppData\Local\temp

2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.000\AppData\Local\temp

2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-12 09:52 . 2012-09-12 09:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-12 09:36 . 2012-09-12 09:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48957CA1-2D9B-41D0-9769-A52C3F8A0498}\offreg.dll

2012-09-11 18:45 . 2012-09-11 18:45 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes

2012-09-11 18:44 . 2012-09-11 18:44 -------- d-----w- c:\programdata\Malwarebytes

2012-09-11 18:44 . 2012-09-11 18:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-11 18:44 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-11 08:21 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48957CA1-2D9B-41D0-9769-A52C3F8A0498}\mpengine.dll

2012-09-09 18:58 . 2012-09-09 18:58 -------- d-----w- c:\users\Eigenaar\AppData\Local\Windows Live Writer

2012-09-09 18:58 . 2012-09-09 18:58 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Windows Live Writer

2012-09-09 18:09 . 2012-09-09 18:09 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Jetdogs Studios

2012-09-09 10:21 . 2012-09-09 10:22 -------- d-----w- c:\users\Eigenaar\AppData\Local\Deployment

2012-09-09 09:28 . 2012-09-09 09:28 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-09 09:28 . 2012-09-09 09:28 -------- d-----w- c:\program files (x86)\Trend Micro

2012-09-06 09:03 . 2012-09-06 09:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\FOP

2012-09-04 20:03 . 2012-09-04 20:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\ExpressFiles

2012-09-02 15:46 . 2012-09-02 15:46 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-02 15:46 . 2012-09-02 15:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-02 15:46 . 2012-09-02 15:46 -------- d-----w- c:\program files (x86)\Java

2012-08-29 08:58 . 2012-08-29 08:58 -------- d-----w- c:\programdata\SulusGames

2012-08-28 20:54 . 2012-08-28 20:54 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-08-28 20:54 . 2012-08-28 20:54 -------- d-----r- c:\program files (x86)\Skype

2012-08-22 19:37 . 2012-08-22 19:37 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\TOSST

2012-08-16 19:06 . 2012-08-16 19:06 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\PlataGames

2012-08-15 11:29 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-15 08:20 . 2012-08-16 08:38 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E

2012-08-15 08:06 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 08:06 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 08:05 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 08:05 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 08:05 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 08:05 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 08:05 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 08:05 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-15 08:05 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 08:05 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 08:05 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 08:05 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-14 20:50 . 2012-08-14 20:50 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\EurekaLog

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-02 15:46 . 2012-07-02 08:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-02 15:46 . 2011-10-10 09:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-23 08:56 . 2012-04-03 08:17 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-23 08:56 . 2011-09-14 10:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 11:17 . 2011-09-12 13:06 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-07 22:10 . 2012-08-07 22:10 207289 ----a-w- C:\torrent.exe

2012-07-18 18:52 . 2012-05-09 20:52 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-07-18 18:52 . 2012-05-09 20:52 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-07-18 18:52 . 2012-05-09 20:52 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-07-18 18:52 . 2012-05-09 20:52 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"KPN Assistent"="c:\program files (x86)\KPN\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"RAInstaller c:\gamehouse games\The Chronicles of Shakespeare - A Midsummer Night's Dream"="rmdir" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736]

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R4 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-03-28 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-08-31 1385120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120911.001\IDSvia64.sys [2012-09-01 513184]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-08 349736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-08 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:56]

.

2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000Core.job

- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 10:22]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000UA.job

- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 10:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\ryyvcqlt.default\

FF - prefs.js: browser.startup.homepage - hxxp://isearch.claro-search.com/?affID=114164&tt=3612_6&babsrc=HP_iclro&mntrId=aa9038d7000000000000e0ca941ca601

FF - prefs.js: keyword.URL - hxxp://isearch.claro-search.com/?affID=114164&tt=3612_6&babsrc=KW_iclro&mntrId=aa9038d7000000000000e0ca941ca601&q=

FF - prefs.js: browser.search.selectedEngine - Claro Search

FF - user.js: extensions.claro.autoRvrt - false

FF - user.js: extensions.claro_i.newTab - false

FF - user.js: extensions.claro.id - aa9038d7000000000000e0ca941ca601

FF - user.js: extensions.claro.instlDay - 15587

FF - user.js: extensions.claro.vrsn - 1.6.4.1

FF - user.js: extensions.claro.vrsni - 1.6.4.1

FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.122:04

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - iclaro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe

AddRemove-Denda Games Midnight Mysteries - Devil on the Mississippi - c:\program files (x86)\Denda Games\Midnight Mysteries - Devil on the Mississippi\Uninstall.exe

AddRemove-Nancy Drew - Secret Of The Old Clock - c:\program files (x86)\Nancy Drew - Secret Of The Old Clock\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-09-12 12:06:56

ComboFix-quarantined-files.txt 2012-09-12 10:06

.

Pre-Run: 151.088.427.008 bytes beschikbaar

Post-Run: 154.913.619.968 bytes beschikbaar

.

- - End Of File - - C4E2B599B86D0C1ED8821215638B6BDF

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

DDS::

mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848

Firefox::

FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\ryyvcqlt.default\

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.search.selectedEngine - Claro Search

FF - user.js: extensions.claro.autoRvrt - false

FF - user.js: extensions.claro_i.newTab - false

FF - user.js: extensions.claro.id - aa9038d7000000000000e0ca941ca601

FF - user.js: extensions.claro.instlDay - 15587

FF - user.js: extensions.claro.vrsn - 1.6.4.1

FF - user.js: extensions.claro.vrsni - 1.6.4.1

FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.122:04

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - iclaro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post.

ComboFix 12-09-12.03 - Eigenaar 12-09-2012 21:21:48.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4076.2397 [GMT 2:00]

Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Eigenaar\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-12 to 2012-09-12 ))))))))))))))))))))))))))))))

.

.

2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC\AppData\Local\temp

2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.002\AppData\Local\temp

2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.001\AppData\Local\temp

2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\UpdatusUser.Eigenaar-PC.000\AppData\Local\temp

2012-09-12 19:29 . 2012-09-12 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-12 08:48 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 08:48 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 08:48 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 08:48 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 08:48 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 08:48 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 08:48 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-11 18:45 . 2012-09-11 18:45 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes

2012-09-11 18:44 . 2012-09-11 18:44 -------- d-----w- c:\programdata\Malwarebytes

2012-09-11 18:44 . 2012-09-11 18:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-11 18:44 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-11 08:21 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48957CA1-2D9B-41D0-9769-A52C3F8A0498}\mpengine.dll

2012-09-09 18:58 . 2012-09-09 18:58 -------- d-----w- c:\users\Eigenaar\AppData\Local\Windows Live Writer

2012-09-09 18:58 . 2012-09-09 18:58 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Windows Live Writer

2012-09-09 18:09 . 2012-09-09 18:09 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Jetdogs Studios

2012-09-09 10:21 . 2012-09-09 10:22 -------- d-----w- c:\users\Eigenaar\AppData\Local\Deployment

2012-09-09 09:28 . 2012-09-09 09:28 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-09 09:28 . 2012-09-09 09:28 -------- d-----w- c:\program files (x86)\Trend Micro

2012-09-06 09:03 . 2012-09-06 09:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\FOP

2012-09-04 20:03 . 2012-09-04 20:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\ExpressFiles

2012-09-02 15:46 . 2012-09-02 15:46 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-02 15:46 . 2012-09-02 15:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-02 15:46 . 2012-09-02 15:46 -------- d-----w- c:\program files (x86)\Java

2012-08-29 08:58 . 2012-08-29 08:58 -------- d-----w- c:\programdata\SulusGames

2012-08-28 20:54 . 2012-08-28 20:54 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-08-28 20:54 . 2012-08-28 20:54 -------- d-----r- c:\program files (x86)\Skype

2012-08-22 19:37 . 2012-08-22 19:37 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\TOSST

2012-08-16 19:06 . 2012-08-16 19:06 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\PlataGames

2012-08-15 11:29 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-15 08:20 . 2012-08-16 08:38 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E

2012-08-15 08:06 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 08:06 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 08:05 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 08:05 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 08:05 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 08:05 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 08:05 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 08:05 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-15 08:05 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 08:05 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 08:05 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 08:05 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-14 20:50 . 2012-08-14 20:50 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\EurekaLog

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 10:15 . 2011-09-12 13:06 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-09-02 15:46 . 2012-07-02 08:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-02 15:46 . 2011-10-10 09:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-23 08:56 . 2012-04-03 08:17 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-23 08:56 . 2011-09-14 10:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-07 22:10 . 2012-08-07 22:10 207289 ----a-w- C:\torrent.exe

2012-07-18 18:52 . 2012-05-09 20:52 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-07-18 18:52 . 2012-05-09 20:52 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-07-18 18:52 . 2012-05-09 20:52 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-07-18 18:52 . 2012-05-09 20:52 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-12_09.54.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-09-12 10:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-08-28 20:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-08-28 20:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-09-12 10:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-28 20:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-09-12 10:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-09-12 18:23 62626 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-09-12 18:23 43428 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-12 12:43 . 2012-09-12 18:23 17366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3745490635-2143929647-3478600528-1000_UserData.bin

+ 2009-07-14 05:30 . 2012-09-12 10:21 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2012-08-15 19:16 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb8023x.sys

+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb80236.sys

+ 2012-09-12 08:48 . 2012-07-04 20:26 41472 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismpx.sys

+ 2012-09-12 08:48 . 2012-07-04 20:26 35840 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismp6.sys

- 2011-09-12 11:38 . 2012-09-09 10:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-12 11:38 . 2012-09-12 10:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-12 11:38 . 2012-09-12 10:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-12 11:38 . 2012-09-09 10:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-09-12 10:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-09-09 10:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-09-12 18:29 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-03-13 21:27 . 2012-08-15 11:31 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 43608 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 43608 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe

- 2012-09-12 08:41 . 2012-09-12 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-12 18:21 . 2012-09-12 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-12 18:21 . 2012-09-12 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-09-12 08:41 . 2012-09-12 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-07 01:20 . 2012-08-19 18:59 701798 c:\windows\system32\perfh013.dat

+ 2011-07-07 01:20 . 2012-09-12 18:25 701798 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-08-19 18:59 616242 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-09-12 18:25 616242 c:\windows\system32\perfh009.dat

- 2011-07-07 01:20 . 2012-08-19 18:59 133798 c:\windows\system32\perfc013.dat

+ 2011-07-07 01:20 . 2012-09-12 18:25 133798 c:\windows\system32\perfc013.dat

- 2009-07-14 02:36 . 2012-08-19 18:59 106622 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-09-12 18:25 106622 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:30 . 2012-09-12 10:21 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-08-15 19:16 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-08-15 19:16 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2012-09-12 10:21 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:31 . 2012-09-12 10:21 399360 c:\windows\system32\DriverStore\drvindex.dat

- 2009-07-14 05:31 . 2012-08-15 19:16 399360 c:\windows\system32\DriverStore\drvindex.dat

- 2009-07-14 05:01 . 2012-09-11 19:35 390272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-09-12 11:20 390272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-03-13 21:27 . 2012-09-12 10:19 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 470616 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 470616 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe

+ 2009-07-14 04:45 . 2012-09-12 10:25 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-08-15 19:21 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2012-08-29 20:37 . 2012-08-29 20:37 3449344 c:\windows\Installer\5a5ef8.msp

+ 2012-03-13 21:27 . 2012-09-12 10:19 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe

- 2012-03-13 21:27 . 2012-08-15 11:31 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe

+ 2012-03-13 21:27 . 2012-09-12 10:19 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe

- 2009-07-14 02:34 . 2012-08-15 19:17 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-09-12 10:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2011-09-14 15:42 . 2012-09-09 20:40 11376380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3745490635-2143929647-3478600528-1000-8192.dat

+ 2011-09-14 15:42 . 2012-09-12 10:20 11376380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3745490635-2143929647-3478600528-1000-8192.dat

+ 2011-09-14 15:42 . 2012-09-12 11:20 29962270 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3745490635-2143929647-3478600528-1000-4096.dat

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"KPN Assistent"="c:\program files (x86)\KPN\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"RAInstaller c:\gamehouse games\The Chronicles of Shakespeare - A Midsummer Night's Dream"="rmdir" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736]

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R4 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-03-28 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-08-31 1385120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120911.001\IDSvia64.sys [2012-09-01 513184]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-08 349736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-08 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:56]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000Core.job

- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 10:22]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000UA.job

- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 10:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\ryyvcqlt.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-09-12 21:32:49

ComboFix-quarantined-files.txt 2012-09-12 19:32

ComboFix2.txt 2012-09-12 10:07

.

Pre-Run: 157.193.183.232 bytes beschikbaar

Post-Run: 157.448.130.560 bytes beschikbaar

.

- - End Of File - - E5959F991D8AE447374F85F975491637


This topic is now closed to new replies.
