SSMMgr.exe not responding / sisbase.dll not found


Relinda

Hi,

Every time I shut down my PC I get to see this line.

Then at startup I get "sisbase.dll not found".

I have already tried to download it, but my server keeps getting interrupted; the antivirus program sees this as spyware.

What can I do?

Regards,

Linda


The error message is indeed caused by the PC looking for a file belonging to this printer, which is (presumably) no longer present. Are there still folders from Samsung or other printer components that you have not removed? If so, you may delete all of them. Or otherwise do it with CCleaner.

Download CCleaner.

Click on “Download Latest Version” and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click on “Cleaner”. Click on 'Analyze' and then on 'Clean'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, in the left column, click on “Registry” and click on 'Scan for issues'. If errors are found, click on “Fix selected issues” and “OK”. You will then be asked whether to make a backup. Click on “YES”. Then choose “Fix all selected issues”. Close CCleaner again afterwards.

If you want to see this in detail with pictures, click here for the guide.


Hi, I did what you told me. First I tried to remove everything myself, but when deleting the files it reported that it could not delete the selected files because the file SSMMgri.exe is probably in use (and other reasons as well). Then I did it with CCleaner as you said, but without result. I switched the PC off and back on, but nothing has changed.

Regards, Linda


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 12-11-03.02 - dbc 03/11/2012 20:11:40.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.895.229 [GMT 1:00]

Gestart vanuit: c:\documents and settings\dbc\Bureaublad\ComboFix.exe

AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\dbc\Application Data\PriceGong

c:\documents and settings\dbc\Application Data\PriceGong\Data\1.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\6174.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\a.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\b.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\c.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\d.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\e.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\f.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\g.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\h.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\i.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\j.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\k.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\l.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\m.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\dbc\Application Data\PriceGong\Data\n.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\o.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\p.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\q.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\r.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\s.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\t.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\u.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\v.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\w.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\x.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\y.txt

c:\documents and settings\dbc\Application Data\PriceGong\Data\z.txt

c:\documents and settings\dbc\WINDOWS

c:\windows\IsUn0413.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\unin0407.exe

c:\windows\unin0413.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-03 to 2012-11-03 ))))))))))))))))))))))))))))))

.

.

2012-11-03 17:42 . 2012-11-03 17:42 -------- d-----w- c:\documents and settings\dbc\Application Data\TuneUp Software

2012-11-03 17:42 . 2012-11-03 18:15 -------- d-----w- c:\program files\TuneUp Utilities 2013

2012-11-03 17:42 . 2012-11-03 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2012-11-02 17:26 . 2012-11-03 15:22 -------- d--h--r- c:\documents and settings\dbc\Onlangs geopend

2012-11-02 16:33 . 2012-11-02 16:47 -------- d-----w- c:\program files\CCleaner

2012-11-02 16:30 . 2012-11-02 16:31 4010544 ----a-w- C:\ccsetup324.exe

2012-11-02 15:56 . 2012-11-03 17:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2012-11-02 15:56 . 2012-11-02 15:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-11-02 12:48 . 2012-11-02 12:48 -------- d-----w- c:\program files\Ask.com

2012-11-02 12:48 . 2012-11-02 12:48 -------- d-----w- C:\Firefox

2012-11-02 12:48 . 2012-11-02 13:11 -------- d-----w- c:\documents and settings\dbc\Local Settings\Application Data\AskToolbar

2012-11-02 12:43 . 2012-11-02 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask

2012-11-02 12:43 . 2012-11-02 12:42 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-02 12:43 . 2012-11-02 12:42 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-02 10:59 . 2012-11-02 10:59 -------- d-----w- c:\documents and settings\dbc\Application Data\DriverCure

2012-11-02 10:59 . 2012-11-02 10:59 -------- d-----w- c:\documents and settings\dbc\Application Data\SpeedMaxPc

2012-11-02 10:59 . 2012-11-02 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc

2012-10-30 19:09 . 2012-10-30 19:09 388096 ----a-r- c:\documents and settings\dbc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-30 19:09 . 2012-10-30 19:09 -------- d-----w- c:\program files\Trend Micro

2012-10-30 12:29 . 2012-10-30 12:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-10-23 09:28 . 2011-06-01 02:17 987904 ----a-r- c:\windows\system32\drivers\RTL8192cu.sys

2012-10-21 08:45 . 2012-10-21 08:45 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2012-10-21 08:45 . 2012-10-21 08:45 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2012-10-14 05:31 . 2012-10-14 05:31 -------- d-----w- c:\program files\Heat Pump Configurator

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-02 12:42 . 2008-09-10 11:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-08 17:50 . 2012-04-08 08:58 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-08 17:50 . 2011-08-09 07:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-28 15:17 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:27 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2008-04-14 22:11 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-10-16 23:46 1521352 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 376912]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"IsaKbcCertUpdate"="c:\program files\Common Files\Isabel\isa_kbc_certupdate.exe" [2010-07-06 1023576]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2007-06-25 36864]

"SetIcon"="c:\program files\Icons\SetIcon.exe" [2002-12-16 39936]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-08-06 155648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-16 1573576]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2010-7-31 253952]

Instant Update Herinnering.lnk - c:\program files\U.S. Robotics\ControlCenter\Reminder.exe [2008-9-10 851968]

Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\bin\w3dbsmgr.exe [2006-5-18 106546]

Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-12-27 2297856]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-9-10 262144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

"getPlus® Helper"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\PVSW\\bin\\w3dbsmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\ESET\\ESET Smart Security\\egui.exe"=

"c:\\Program Files\\RALINK\\Common\\RaUI.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 7:21 468224]

R2 MSSQL$MNTTOOL;SQL Server (MNTTOOL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 18:29 29293408]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]

R3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [23/10/2012 10:28 987904]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [11/09/2009 9:24 29292]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [15/04/2008 13:00 14336]

S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [29/09/2008 12:10 16384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:50]

.

2012-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2012-11-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-10-16 23:46]

.

2012-11-03 c:\windows\Tasks\User_Feed_Synchronization-{8BC598E8-C7AC-4FB5-8345-54948AF3317F}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Free YouTube to MP3 Converter - c:\documents and settings\dbc\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: kbc.be

Trusted Zone: kbcgroup.eu

TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB

DPF: {A93FB56D-2F76-4DD7-8E38-9B1EB38C88A5} - hxxp://www.dvmsystem.com/TrustNET/SecuiSecIE_eng.cab

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScript

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

AddRemove-Therm 4.0 - c:\windows\IsUn0413.exe

AddRemove-WSCAD41DeinstKey - c:\windows\unin0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-11-03 20:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Voltooingstijd: 2012-11-03 20:29:20

ComboFix-quarantined-files.txt 2012-11-03 19:29

.

Pre-Run: 19.777.257.472 bytes beschikbaar

Post-Run: 21.733.556.224 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - F3CF254762964A547A3AB8331887CB62


Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\ccsetup324.exe

Folder::

c:\documents and settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

c:\program files\Ask.com

c:\documents and settings\dbc\Local Settings\Application Data\AskToolbar

c:\documents and settings\All Users\Application Data\Ask

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ApnUpdater"=-

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post.

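Added example, not part of the thread and not ComboFix's own code: this Python cross-checks a CFScript against the ComboFix log before the script is run. It reports File::/Folder:: targets and value deletions the log never listed, and flags every whole-key deletion, because the log states that empty and legitimate default entries are not shown. It assumes the Registry:: section uses .reg syntax (`[-KEY]` removes the key with everything under it, `"name"=-` removes one value); the function names and the File:: entry in the sample script are constructed.

```python
import re

PATH_RE = re.compile(r'[A-Za-z]:\\.+$')       # drive-letter path at end of line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=')      # "name"= at start of line

# Constructed inputs: log lines copied from this thread; the File:: entry is invented.
SAMPLE_LOG = r'''
2012-11-02 12:48 . 2012-11-02 12:48 -------- d-----w- c:\program files\Ask.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-16 1573576]
'''
SAMPLE_SCRIPT = r'''
File::
C:\constructed-not-in-log.exe
Folder::
c:\program files\Ask.com
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
'''

def parse_log(text):
    """Return (paths, registry): listed paths and value names per key, lowercased."""
    paths, registry, key = set(), {}, None
    for line in map(str.strip, text.lower().splitlines()):
        value, path = VALUE_RE.match(line), PATH_RE.search(line)
        if line.startswith('[') and line.endswith(']'):
            registry.setdefault(key := line[1:-1], set())
        elif value and key:
            registry[key].add(value.group(1))
        elif path and not value:
            paths.add(path.group(0))
    return paths, registry

def parse_cfscript(text):
    """Return (paths, key_deletes, value_deletes) from a CFScript."""
    paths, key_dels, val_dels, section, key = [], [], [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        value = VALUE_RE.match(line)
        if line.endswith('::'):
            section, key = line[:-2].lower(), None
        elif section in ('file', 'folder'):
            paths.append(line)
        elif section == 'registry' and line.startswith('['):
            key = None if line.startswith('[-') else line[1:-1]
            if key is None:
                key_dels.append(line[2:-1])
        elif section == 'registry' and key and value and line.endswith('=-'):
            val_dels.append((key, value.group(1)))
    return paths, key_dels, val_dels

def audit(script_text, log_text):
    """Return (kind, target) findings for script entries needing a second look."""
    log_paths, registry = parse_log(log_text)
    paths, key_dels, val_dels = parse_cfscript(script_text)
    findings = [('path-not-in-log', p) for p in paths if p.lower() not in log_paths]
    for k in key_dels:
        # A listed key may hold values the log hid as legitimate defaults.
        kind = 'whole-key-delete' if k.lower() in registry else 'key-not-in-log'
        findings.append((kind, k))
    for k, name in val_dels:
        if name.lower() not in registry.get(k.lower(), set()):
            findings.append(('value-not-in-log', k + '\\' + name))
    return findings
```

Calling `audit(SAMPLE_SCRIPT, SAMPLE_LOG)` returns the invented file as `path-not-in-log` and the URLSearchHooks line as `whole-key-delete`, while the `"ApnUpdater"=-` value deletion passes because the log lists that value under the Run key.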
