
Part of a botnet, what now? + check of a HijackThis log



Hi Kape,

I had ComboFix run a scan; I had to gather up some courage first :D Now and then I'm a bit of a sissy. The scan produced the log file below. I'm curious what your findings are.

ComboFix 12-09-15.02 - Eeltje 16-09-2012 13:05:15.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.4063.2501 [GMT 2:00]

Gestart vanuit: c:\users\Eeltje\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\prefs.js

c:\programdata\windows

c:\users\Eeltje\AppData\Local\TempDIR

c:\users\Eeltje\AppData\Roaming\Adobe\plugs

c:\users\Eeltje\AppData\Roaming\Help\coredb\storage

c:\users\Eeltje\AppData\Roaming\Ogyfwu

c:\users\Eeltje\AppData\Roaming\Ogyfwu\lita.uza

c:\windows\Update.bat

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))))

.

.

2012-09-16 11:17 . 2012-09-16 11:17 -------- d-----w- c:\users\Mark\AppData\Local\temp

2012-09-16 11:17 . 2012-09-16 11:17 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-09-16 11:17 . 2012-09-16 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-16 10:54 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6407CEF2-4A9D-4D50-AC80-D9C0A8218FD4}\mpengine.dll

2012-09-15 08:43 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-12 07:48 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 07:48 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 07:48 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 07:48 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 07:48 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 07:48 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 07:48 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-11 16:22 . 2012-09-11 16:22 388096 ----a-r- c:\users\Eeltje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-11 16:22 . 2012-09-11 16:22 -------- d-----w- c:\program files (x86)\Trend Micro

2012-09-10 10:02 . 2012-09-10 10:04 -------- d-----w- c:\programdata\HitmanPro

2012-09-09 14:21 . 2012-09-09 14:21 -------- d-----w- c:\users\Eeltje\AppData\Roaming\Malwarebytes

2012-09-09 14:21 . 2012-09-09 14:21 -------- d-----w- c:\programdata\Malwarebytes

2012-09-09 14:21 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-09 14:21 . 2012-09-11 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-28 10:42 . 2012-09-09 18:00 -------- d-----w- c:\users\Eeltje\AppData\Roaming\TeamViewer

2012-08-24 12:59 . 2012-08-26 09:01 -------- d-----w- c:\users\Eeltje\AppData\Roaming\Iconix

2012-08-24 12:59 . 2012-08-24 12:59 -------- d-----w- c:\programdata\Iconix

2012-08-24 12:59 . 2012-08-24 12:59 -------- d-----w- c:\program files (x86)\Common Files\Iconix

2012-08-24 12:59 . 2012-08-24 12:59 -------- d-----w- c:\program files (x86)\Iconix

2012-08-22 16:06 . 2012-08-24 09:17 -------- d-----w- c:\users\Eeltje\AppData\Roaming\Umudw

2012-08-22 16:06 . 2012-08-24 09:11 -------- d-----w- c:\users\Eeltje\AppData\Roaming\Evfocy

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-13 09:25 . 2010-01-17 08:30 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-07-18 18:15 . 2012-08-15 09:29 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 20:07 . 2012-08-15 15:11 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-15 09:29 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-15 09:29 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-15 09:29 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-15 09:29 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-06-29 04:55 . 2012-08-15 15:09 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-29 04:09 . 2012-08-15 15:09 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-29 03:56 . 2012-08-15 15:09 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 03:49 . 2012-08-15 15:09 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-29 03:49 . 2012-08-15 15:09 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 03:48 . 2012-08-15 15:09 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 03:47 . 2012-08-15 15:09 237056 ----a-w- c:\windows\system32\url.dll

2012-06-29 03:45 . 2012-08-15 15:09 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-29 03:44 . 2012-08-15 15:09 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-29 03:43 . 2012-08-15 15:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 03:42 . 2012-08-15 15:09 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-29 03:40 . 2012-08-15 15:09 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-29 03:39 . 2012-08-15 15:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 03:35 . 2012-08-15 15:09 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-29 00:16 . 2012-08-15 15:09 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-29 00:09 . 2012-08-15 15:09 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-29 00:08 . 2012-08-15 15:09 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-29 00:04 . 2012-08-15 15:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-29 00:00 . 2012-08-15 15:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-11 39408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Eeltje\AppData\Local\Temp\Rar$EX00.803\Run\a2ddax64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1255736]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 23040]

S2 IconixService;Iconix Update Service;c:\program files (x86)\Common Files\Iconix\IconixService.exe [2012-03-19 284512]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-09-23 365904]

S2 SW2SVC;SecureW2 Service;c:\program files (x86)\SecureW2\sw2_service.exe [2011-03-06 119688]

S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 719152]

S2 WTService;WTService;c:\windows\System32\atwtusb.exe [2010-04-13 669416]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 59392]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-04-05 7680512]

S3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [2008-05-26 49968]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - eeCtrl

*Deregistered* - EraserUtilRebootDrv

*Deregistered* - IDSVia64

*Deregistered* - SymEFA

*Deregistered* - SYMFW

*Deregistered* - SYMNDISV

*Deregistered* - SYMTDI

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 13:31]

.

2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 13:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF26531.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Eeltje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.254

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-Run-(Default) - (no file)

AddRemove-Wireless Presenter - c:\program files (x86)\Psiloc\WirelessPresenter\uninst.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

.

**************************************************************************

.

Voltooingstijd: 2012-09-16 13:30:13 - machine werd herstart

ComboFix-quarantined-files.txt 2012-09-16 11:30

.

Pre-Run: 127.781.015.552 bytes free

Post-Run: 129.154.797.568 bytes free

.

- - End Of File - - 65450D7B8853BAED7774B048958D784B


For "a bit of a sissy" you didn't do badly at all xD

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\users\Eeltje\AppData\Roaming\Umudw

c:\users\Eeltje\AppData\Roaming\Evfocy

DDS::

IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


Haha, my computer still works, so it can still go wrong, hihi... But I did make a stupid mistake: I had changed my username in the log file, because I don't want my name linked to this log file on the internet. So I pasted the bold text into Notepad without putting my real username back in. Stupid, stupid, stupid. That's why I performed the same step twice, once with and once without my real username. I wonder whether this has any consequences for the log file or for any changes that were made.

By the way, I don't know what I actually did with that last step I carried out on your advice. Can you tell me?

ComboFix 12-09-15.02 - Eeltje 16-09-2012 15:20:21.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.4063.2306 [GMT 2:00]

Gestart vanuit: c:\users\Eeltje\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Eeltje\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Eeltje\AppData\Roaming\Evfocy

c:\users\Eeltje\AppData\Roaming\Umudw

c:\users\Eeltje\AppData\Roaming\Umudw\dyhok.uwe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))))

.

.

2012-09-16 13:25 . 2012-09-16 13:25 -------- d-----w- c:\users\Mark\AppData\Local\temp

2012-09-16 13:25 . 2012-09-16 13:25 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-09-16 13:25 . 2012-09-16 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-16 12:14 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D0547F3-5C57-40C9-8BEC-87C823E554BF}\mpengine.dll

2012-09-15 08:43 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-12 07:48 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 07:48 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 07:48 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 07:48 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 07:48 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 07:48 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 07:48 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-11 16:22 . 2012-09-11 16:22 388096 ----a-r- c:\users\Eeltje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-11 16:22 . 2012-09-11 16:22 -------- d-----w- c:\program files (x86)\Trend Micro

2012-09-10 10:02 . 2012-09-10 10:04 -------- d-----w- c:\programdata\HitmanPro

2012-09-09 14:21 . 2012-09-09 14:21 -------- d-----w- c:\users\Eeltje\AppData\Roaming\Malwarebytes

2012-09-09 14:21 . 2012-09-09 14:21 -------- d-----w- c:\programdata\Malwarebytes

2012-09-09 14:21 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-09 14:21 . 2012-09-11 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-28 10:42 . 2012-09-09 18:00 -------- d-----w- c:\users\Eeltje\AppData\Roaming\TeamViewer

2012-08-24 12:59 . 2012-08-26 09:01 -------- d-----w- c:\users\Eeltje\AppData\Roaming\Iconix

2012-08-24 12:59 . 2012-08-24 12:59 -------- d-----w- c:\programdata\Iconix

2012-08-24 12:59 . 2012-08-24 12:59 -------- d-----w- c:\program files (x86)\Common Files\Iconix

2012-08-24 12:59 . 2012-08-24 12:59 -------- d-----w- c:\program files (x86)\Iconix

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-13 09:25 . 2010-01-17 08:30 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-07-18 18:15 . 2012-08-15 09:29 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 20:07 . 2012-08-15 15:11 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-15 09:29 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-15 09:29 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-15 09:29 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-15 09:29 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-06-29 04:55 . 2012-08-15 15:09 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-29 04:09 . 2012-08-15 15:09 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-29 03:56 . 2012-08-15 15:09 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 03:49 . 2012-08-15 15:09 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-29 03:49 . 2012-08-15 15:09 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 03:48 . 2012-08-15 15:09 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 03:47 . 2012-08-15 15:09 237056 ----a-w- c:\windows\system32\url.dll

2012-06-29 03:45 . 2012-08-15 15:09 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-29 03:44 . 2012-08-15 15:09 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-29 03:43 . 2012-08-15 15:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 03:42 . 2012-08-15 15:09 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-29 03:40 . 2012-08-15 15:09 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-29 03:39 . 2012-08-15 15:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 03:35 . 2012-08-15 15:09 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-29 00:16 . 2012-08-15 15:09 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-29 00:09 . 2012-08-15 15:09 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-29 00:08 . 2012-08-15 15:09 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-29 00:04 . 2012-08-15 15:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-29 00:00 . 2012-08-15 15:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-16_11.23.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-10 16:29 . 2012-09-16 11:56 65126 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-09-16 11:56 51624 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-10 16:29 . 2012-09-16 11:56 21142 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2107931801-729341328-2330275077-1001_UserData.bin

- 2009-12-09 22:28 . 2012-09-16 11:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-09 22:28 . 2012-09-16 12:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-09 22:28 . 2012-09-16 11:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-09 22:28 . 2012-09-16 12:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-09-16 11:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-09-16 12:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-04-04 00:23 . 2012-09-16 11:51 6132 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2009-12-09 22:59 . 2012-09-16 11:21 5465 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2009-12-09 22:59 . 2012-09-16 11:51 5465 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-09-16 11:22 . 2012-09-16 11:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-16 11:52 . 2012-09-16 11:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-16 11:52 . 2012-09-16 11:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-09-16 11:22 . 2012-09-16 11:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 02:36 . 2012-09-16 11:57 618370 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-09-16 11:06 618370 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-09-16 11:57 107650 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-09-16 11:06 107650 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-09-16 11:21 501976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-09-16 11:51 501976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-11 39408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Eeltje\AppData\Local\Temp\Rar$EX00.803\Run\a2ddax64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1255736]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 23040]

S2 IconixService;Iconix Update Service;c:\program files (x86)\Common Files\Iconix\IconixService.exe [2012-03-19 284512]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-09-23 365904]

S2 SW2SVC;SecureW2 Service;c:\program files (x86)\SecureW2\sw2_service.exe [2011-03-06 119688]

S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 719152]

S2 WTService;WTService;c:\windows\System32\atwtusb.exe [2010-04-13 669416]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 59392]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-04-05 7680512]

S3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [2008-05-26 49968]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - eeCtrl

*Deregistered* - EraserUtilRebootDrv

*Deregistered* - IDSVia64

*Deregistered* - SymEFA

*Deregistered* - SYMFW

*Deregistered* - SYMNDISV

*Deregistered* - SYMTDI

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 13:31]

.

2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 13:31]

.

.

--------- X64 Entries -----------

.

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Eeltje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.254

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-09-16 15:28:13

ComboFix-quarantined-files.txt 2012-09-16 13:28

ComboFix2.txt 2012-09-16 13:16

ComboFix3.txt 2012-09-16 11:30

.

Pre-Run: 129.040.580.608 bytes free

Post-Run: 128.964.943.872 bytes free

.

- - End Of File - - 43B2D4833D096AAC1188A969B7436A79

Edited by Eeltje

Changing that name did not affect the results. What you have done now is remove the infected folders that were found in your previous log. Your PC should now be OK again. Do you still notice any problems? If not, we'll start the "big clean-up" ... a "piece of cake" even for "sissies" :-)

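The judgement above (which of the listed services, drivers and scheduled tasks are normal and which deserve a second look) is made by eye. The following Python script is an added example, not code from this thread, from ComboFix or from its author: it parses the `S2 name;display;path [date size]` service lines and the `- path [date]` task lines in the ComboFix format shown above and flags every binary that runs from a location a standard user can write to (user profiles, ProgramData, Temp) or from somewhere outside the usual Windows and Program Files roots. The sample lines are copied from the log above plus one constructed entry (`Xyzzy`, under a constructed user profile) to show what a hit looks like; the prefix lists are assumptions, not something ComboFix publishes.

```python
"""Triage helper for ComboFix-style service, driver and scheduled-task lines.

Added example; not part of the forum thread, of ComboFix, or of any
Malwarebytes/Google product named in the sample lines.
"""
import re
from dataclasses import dataclass
from typing import List

# Service/driver line, e.g.
# "S2 MBAMService;MBAMService;c:\program files (x86)\...\mbamservice.exe [2012-09-07 676936]"
SERVICE_RE = re.compile(
    r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]+?)\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$"
)
# Scheduled-task target line, e.g.
# "- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 13:31]"
TASK_RE = re.compile(r"^-\s+(?P<path>[^\[]+?)\s*\[(?P<date>[^\]]+)\]\s*$")

# Assumed prefixes (lowercase). A service or autostart binary that lives in a
# directory any local user can write to is the classic persistence pattern.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\temp\\")
# Assumed prefixes that require administrator rights to write into; the normal
# home of services and drivers.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    kind: str      # "service" or "task"
    name: str
    path: str
    verdict: str   # "ok", "user-writable" or "unusual"


def classify_path(path: str) -> str:
    """Return a verdict for one binary path based on where it lives."""
    p = path.lower().strip()
    if any(p.startswith(prefix) for prefix in USER_WRITABLE):
        return "user-writable"
    if any(p.startswith(prefix) for prefix in TRUSTED_ROOTS):
        return "ok"
    return "unusual"


def parse_log(text: str) -> List[Entry]:
    """Extract service/driver and task entries from ComboFix-style text."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = m["path"].strip()
            entries.append(Entry("service", m["name"], path, classify_path(path)))
            continue
        m = TASK_RE.match(line)
        if m:
            path = m["path"].strip()
            basename = path.rsplit("\\", 1)[-1]
            entries.append(Entry("task", basename, path, classify_path(path)))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries a helper should look at more closely."""
    return [e for e in parse_log(text) if e.verdict != "ok"]


# Sample input: four lines copied from the log in this thread plus one
# constructed suspicious service under a constructed user profile.
SAMPLE_LOG = r"""
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-04-05 7680512]
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 13:31]
S2 Xyzzy;Xyzzy;c:\users\example\AppData\Roaming\Xyzzy\xyzzy.exe [2012-09-10 123456]
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.verdict:13} {e.kind:7} {e.name}: {e.path}")
```

Only the constructed `Xyzzy` entry is reported as `user-writable`; everything copied from the real log resolves to `ok`. The same pattern applies to the R0-R3 entries ComboFix prints for running services, since the regex accepts both `S` and `R` prefixes.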

That message should normally disappear after this clean-up: removing the tools we used, a cleaning run, and removing the infected restore points.

Remove ComboFix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall

This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the free download of CCleaner starts automatically.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis no longer reports anything. Then click "Registry" in the left column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked to make a backup; click "Yes". Then choose "Fix All Selected Issues". Close CCleaner afterwards.

If you want to see this illustrated in detail, click here for the manual.

It is advisable to delete the existing restore points (they include infected restore points that you could otherwise restore). In Windows 7:

  • via Start -> Control Panel -> System and Security -> System -> System Protection -> now turn off System Restore by selecting the drive in question and clicking "Configure".
  • Now click "Delete" to delete all restore points.
  • Click "Apply" and "OK".
  • Now restart the PC.

If all of this went without problems, you may tap "mark as solved" below!


Yes, in IE.

But I'm now wondering whether it is a notification I can simply ignore, so that I can click "In the future, don't show this message anymore", or whether it is a warning I should take seriously and therefore fix the problem so that I can visit every web page over a secure connection?
