ComboFix log, after removal of the Ukash/Police virus


Just checking once more, for completeness

- Presumably everything is 'Spic & Span', but you never know..

ComboFix 12-10-02.02 - Edward 02/10/2012 21:25:51.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4003.2498 [GMT 2:00]

Gestart vanuit: c:\users\Edward\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-02 to 2012-10-02 ))))))))))))))))))))))))))))))

.

.

2012-10-02 19:35 . 2012-10-02 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-02 19:33 . 2012-10-02 19:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D4C120-BE11-4BFA-9A06-ED1EB69C372D}\offreg.dll

2012-10-02 16:48 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D4C120-BE11-4BFA-9A06-ED1EB69C372D}\mpengine.dll

2012-09-29 12:39 . 2012-09-29 12:39 -------- d-----w- c:\program files\Enigma Software Group

2012-09-29 12:38 . 2012-09-30 11:25 -------- d-----w- c:\windows\D4EFA08DA1924007987D71BFF23B2F8F.TMP

2012-09-29 12:38 . 2012-09-29 12:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-09-29 07:19 . 2012-09-29 07:19 -------- d-----w- c:\users\Edward\AppData\Roaming\Malwarebytes

2012-09-29 07:19 . 2012-09-29 07:19 -------- d-----w- c:\programdata\Malwarebytes

2012-09-29 07:19 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-29 07:19 . 2012-09-29 07:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-29 01:33 . 2012-09-29 01:33 -------- d-----w- c:\program files\CCleaner

2012-09-26 14:55 . 2012-09-26 14:55 -------- d-----w- c:\users\Edward\AppData\Local\ABBYY

2012-09-26 14:53 . 2012-09-26 14:55 -------- d-----w- c:\program files (x86)\ABBYY FineReader 6.0 Sprint

2012-09-26 08:52 . 2012-09-26 08:52 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-26 08:52 . 2012-09-26 08:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-26 03:36 . 2012-10-02 19:23 -------- d-----w- c:\programdata\Kaspersky Lab

2012-09-26 03:36 . 2012-09-26 03:36 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-09-26 03:36 . 2012-05-29 13:55 85336 ----a-w- c:\windows\system32\drivers\klflt.sys

2012-09-26 03:36 . 2012-05-29 13:55 640344 ----a-w- c:\windows\system32\drivers\klif.sys

2012-09-26 03:23 . 2012-09-26 03:23 -------- d---a-w- c:\users\.wh..wh.plnk

2012-09-26 03:23 . 2012-09-26 03:23 -------- d---a-w- c:\users\.wh..wh.orph

2012-09-26 03:23 . 2012-09-26 03:23 -------- d---a-w- C:\InstantOnOS

2012-09-26 03:18 . 2012-09-26 03:18 -------- d-----w- c:\users\Edward\AppData\Roaming\U3

2012-09-26 01:41 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 23:57 . 2012-09-25 23:57 -------- d-----w- c:\users\Edward\AppData\Roaming\Skinux

2012-09-25 23:52 . 2012-09-25 23:52 -------- d-----w- c:\users\Edward\AppData\Local\Programs

2012-09-25 23:52 . 2012-09-25 23:52 -------- d-----w- c:\users\Edward\AppData\Local\ArcSoft

2012-09-25 23:52 . 2012-09-25 23:52 -------- d-----w- c:\users\Edward\AppData\Roaming\Arcsoft

2012-09-25 23:52 . 2012-09-27 04:33 -------- d-----w- c:\programdata\ArcSoft

2012-09-25 23:51 . 2012-09-30 11:21 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft

2012-09-25 23:51 . 2012-09-30 11:21 -------- d-----w- c:\program files (x86)\ArcSoft

2012-09-25 23:51 . 2001-09-05 02:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll

2012-09-25 23:51 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2012-09-25 23:51 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-09-25 23:51 . 2012-09-25 23:48 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2012-09-25 23:51 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-09-25 23:45 . 2012-09-25 23:45 -------- d-----w- c:\windows\Downloaded Installations

2012-09-25 23:26 . 2012-09-25 23:26 -------- d-----w- c:\users\Edward\AppData\Local\KodakGallery

2012-09-25 13:31 . 2012-09-25 23:51 -------- d-----w- c:\program files (x86)\Kodak

2012-09-25 13:27 . 2012-09-30 11:14 -------- d-----w- c:\programdata\Kodak

2012-09-23 11:41 . 2012-09-25 23:30 -------- d-----w- c:\users\Edward\AppData\Roaming\Apple Computer

2012-09-21 20:02 . 2012-09-21 20:02 -------- d-----w- c:\users\Edward\AppData\Local\Apple

2012-09-21 20:01 . 2012-09-21 20:02 -------- d-----w- c:\programdata\Apple

2012-09-21 14:51 . 2012-09-21 14:51 -------- d-----w- c:\users\Edward\AppData\Roaming\EPSON

2012-09-21 13:09 . 2009-04-30 22:00 17408 ----a-w- c:\windows\system32\esxcdev.dll

2012-09-21 13:09 . 2009-04-30 22:00 128392 ----a-w- c:\windows\system32\esdevapp.exe

2012-09-21 13:09 . 2007-12-05 22:00 84992 ----a-w- c:\windows\system32\esxwia54.dll

2012-09-21 13:09 . 2007-07-15 22:00 65793 ----a-w- c:\windows\system32\esfw54.bin

2012-09-21 13:09 . 2007-07-15 22:00 184832 ----a-w- c:\windows\system32\esxuin54.dll

2012-09-21 13:09 . 2007-07-15 22:00 172032 ----a-w- c:\windows\SysWow64\esint54.dll

2012-09-21 13:09 . 2006-03-09 22:00 4608 ----a-w- c:\windows\system32\esxwiaml.dll

2012-09-21 13:09 . 2012-09-21 13:09 -------- d-----w- c:\program files (x86)\epson

2012-09-12 08:59 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 08:59 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 08:59 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 08:59 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 08:59 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 08:59 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 08:59 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-26 08:52 . 2012-07-16 15:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-26 08:52 . 2011-04-24 10:49 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-21 20:06 . 2012-06-07 05:20 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-21 20:06 . 2012-06-07 05:20 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-12 10:02 . 2011-04-23 23:44 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-31 00:31 . 2012-08-31 00:31 0 ----a-w- c:\windows\SysWow64\shoB124.tmp

2012-07-18 18:15 . 2012-08-15 09:07 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 12:32 . 2012-07-10 12:32 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-06 20:07 . 2012-08-15 12:57 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-15 09:08 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-15 09:08 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-15 09:08 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-15 09:08 41984 ----a-w- c:\windows\SysWow64\browcli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2010-12-15 207400]

"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]

"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 218880]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-24 136176]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-12-15 44928]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-24 136176]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]

R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys [2010-09-16 1077416]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-25 1255736]

R3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 15896]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-03-27 30000]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-05-12 54064]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-05-24 172888]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-03-24 25496]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-25 29016]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-05-25 27992]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-02-24 8591872]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-02-10 181760]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]

S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 20:06]

.

2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-24 13:59]

.

2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-24 13:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11785832]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-28 2207848]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-02-11 10361616]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Toevoegen aan Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

TCP: DhcpNameServer = 195.130.131.129 195.130.130.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-10-02 21:40:18

ComboFix-quarantined-files.txt 2012-10-02 19:40

.

Pre-Run: 551.474.491.392 bytes beschikbaar

Post-Run: 551.083.069.440 bytes beschikbaar

.

- - End Of File - - 4F7A66AE08579134165F0E27FC8924EF

Good ... then we can mark this as "solved". Don't forget to remove Combofix in the proper way.

Remove Combofix: Start -> Run/Search/Search programs and files, and type there: ComboFix /Uninstall

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

To remove all the ins and outs of Combofix, the method indicated is the only good one. In your case the program and its files have been removed, but some of the other adjustments have then not been made. So yes, downloading it again and then removing it again via Combofix /Uninstall is a good choice.

Dear Kape,

I checked it once more:

ComboFix, HijackThis and RogueKiller are 'stand-alone' programs that you run from your desktop. (Do they work low level?)

For these programs, the icon on the desktop is therefore the actual *.exe file, and no 'uninstall' program is provided. You therefore won't find them in the list of installed programs in Windows.

This is in contrast to 'Malwarebytes Anti-Malware' and 'CCleaner', which you operate through a shortcut on your desktop.

Those you do indeed need to uninstall via 'Add or Remove Programs', found in the Control Panel.

Could it be that you briefly confused uninstalling ComboFix with uninstalling CCleaner?

;-)

Kind regards,

Edward
