Laptop is erg traag

knijn · 18 augustus 2013

ComboFix 13-08-16.03 - Kim 18-08-2013 12:08:19.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4091.2525 [GMT 2:00]

Gestart vanuit: c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93TZTI4O\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\program files (x86)\SaveShare

c:\program files (x86)\SaveShare\sprotector.dll

c:\program files (x86)\SaveShare\uninstall.exe

c:\programdata\sAvenshare

c:\programdata\sAvenshare\A.dll

c:\programdata\sAvenshare\A.tlb

c:\programdata\sAvenshare\data\sAvenshare.dat

c:\programdata\sAvenshare\settings.ini

c:\programdata\sAvenshare\y.dll

c:\users\Kim\AppData\Local\.#

c:\users\Kim\zoek.exe

c:\windows\SysWow64\X86

.

Besmet exemplaar van c:\windows\SysWow64\user32.dll werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-18 to 2013-08-18 ))))))))))))))))))))))))))))))

.

2013-08-16 06:55 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EB92433-49B2-4118-85E5-F580F015727A}\mpengine.dll

2013-08-15 22:16 . 2013-08-15 22:18 -------- d-----w- c:\windows\system32\MRT

2013-08-15 20:00 . 2013-08-15 20:00 -------- d-----w- c:\programdata\Funny Bear Studio

2013-08-15 20:00 . 2011-08-16 11:48 -------- d-----w- c:\users\Kim\World Riddles 3 _Secrets of the Ages

2013-08-15 12:31 . 2013-08-15 12:31 -------- d-----w- c:\users\Kim\AppData\Roaming\Friday's games

2013-08-15 12:30 . 2012-01-28 05:35 -------- d-----w- c:\users\Kim\Gourma.._3_NL

2013-08-15 12:04 . 2013-08-15 12:30 -------- d-----w- c:\programdata\savensharei o

2013-08-15 06:42 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll

2013-08-15 06:42 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-08-15 06:42 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-08-15 06:42 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-08-15 06:42 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-15 06:42 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-08-15 06:42 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-15 06:42 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-08-11 19:54 . 2013-08-18 09:58 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-08-10 09:24 . 2013-08-10 09:25 -------- d-----w- c:\program files (x86)\Little Shop of Treasures Deluxe

2013-08-10 09:24 . 2010-01-27 21:29 25081658 ----a-w- c:\users\Kim\Little Shop of Treasures Deluxe.exe

2013-08-06 07:26 . 2013-08-06 07:26 -------- d-----w- c:\users\Kim\AppData\Roaming\Nordcurrent

2013-08-06 07:25 . 2013-08-05 22:04 -------- d-----w- c:\users\Kim\Happy Chef 2

2013-08-04 20:42 . 2013-08-04 20:42 -------- d-----w- c:\users\Kim\AppData\Roaming\Desperate Housewives

2013-08-04 20:17 . 2013-08-04 20:17 -------- d-----w- c:\program files (x86)\Buena Vista Games

2013-08-04 20:16 . 2013-08-04 20:16 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2013-08-04 20:16 . 2013-08-04 20:16 -------- d-----w- c:\users\Kim\AppData\Roaming\InstallShield

2013-07-27 22:47 . 2013-07-27 22:47 -------- d-----w- c:\users\Kim\AppData\Roaming\Tap It Games

2013-07-26 14:50 . 2013-07-26 14:50 -------- d-----w- c:\programdata\StarApp

2013-07-26 14:40 . 2013-08-15 20:00 -------- d-----w- c:\programdata\InstallMate

2013-07-24 13:17 . 2013-07-26 05:21 -------- d-----w- c:\users\Kim\AppData\Roaming\Ubisoft

2013-07-24 13:13 . 2013-07-24 13:13 -------- d-----w- c:\program files (x86)\Ubisoft

2013-07-24 13:11 . 2013-07-24 13:11 -------- d-----w- c:\users\Kim\AppData\Roaming\MysteryStudio

2013-07-24 10:45 . 2013-08-18 10:50 -------- d-----w- c:\users\Kim\AppData\Local\Temp

2013-07-24 10:45 . 2013-07-24 10:27 24064 ----a-w- c:\windows\zoek-delete.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-15 22:15 . 2012-11-13 07:11 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-16 21:53 . 2013-07-16 21:53 388096 ----a-r- c:\users\Kim\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-07-16 21:52 . 2013-07-16 21:52 1402880 ----a-w- c:\users\Kim\HiJackThis.msi

2013-07-09 04:45 . 2013-08-15 06:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-07 08:54 . 2013-07-07 08:54 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-07 08:54 . 2012-11-08 11:44 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-07-07 08:54 . 2012-11-08 11:44 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-27 22:40 . 2013-03-14 16:18 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-27 22:40 . 2012-11-08 14:46 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-06-27 22:40 . 2012-11-08 14:46 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-06-12 08:35 . 2012-11-09 20:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 08:35 . 2012-11-09 20:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-05 03:34 . 2013-07-11 21:53 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-11 21:53 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-11 21:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2012-11-28 07:15 . 2013-01-28 18:15 85504 ---h--w- c:\program files (x86)\IeAdsBlocker.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F55A9352-6C81-1A82-F024-7CBF7C0919D2}]

2013-08-15 12:04 184320 ----a-w- c:\programdata\savensharei o\QaJcHO.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]

"Spotify Web Helper"="c:\users\Kim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-06 1104384]

"Spotify"="c:\users\Kim\AppData\Roaming\Spotify\Spotify.exe" [2013-07-06 4640768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 08:35]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\o3rq6e92.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: 2013-08-15 14:04; qy2gk4uio@eizuuii.org; c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\o3rq6e92.default\extensions\qy2gk4uio@eizuuii.org

FF - ExtSQL: 2013-08-16 18:04; ppc.bv1awgq@b-ayavcc.edu; c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\o3rq6e92.default\extensions\ppc.bv1awgq@b-ayavcc.edu

FF - ExtSQL: !HIDDEN! 2012-11-14 21:26; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS VERWIJDERD - - - -

.

BHO-{69FCDB30-084A-8DEF-27D0-F3913D4B2CD1} - c:\programdata\sAvenshare\A.dll

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-1ClickDownload - c:\program files (x86)\FTDownloader.com\uninst.exe

AddRemove-Dll-Files.com Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe

AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe

AddRemove-SP_703c874a - c:\program files (x86)\SaveShare\uninstall.exe

AddRemove-{0611430E-8ACB-63BC-59D5-094BA74F6D45} - c:\progra~3\INSTAL~1\{A22D9~1\Setup.exe

AddRemove-{0BCC2557-0893-C7C7-159F-741222C6B313} - c:\progra~3\INSTAL~1\{E17FE~1\Setup.exe

AddRemove-{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1 - c:\program files (x86)\Solibo Ltd\NCdownloader\unins000.exe

AddRemove-{12993942-DD3A-93E2-C271-CE9EDA334D26} - c:\progra~3\INSTAL~1\{2B359~1\Setup.exe

AddRemove-{16ED46D0-EF3C-C3AD-D468-77F505C98203} - c:\progra~3\INSTAL~1\{EF9E6~1\Setup.exe

AddRemove-{18267028-7522-C8A2-DCE0-01127F53EDB4} - c:\progra~3\INSTAL~1\{B1B9F~1\Setup.exe

AddRemove-{4B163043-CC8A-147E-3197-DA508F4FA2DE} - c:\progra~3\INSTAL~1\{28D9E~1\Setup.exe

AddRemove-{4C3EDE29-88E7-E1EB-2289-E36E9732453E} - c:\progra~3\INSTAL~1\{02299~1\Setup.exe

AddRemove-{51B8D190-8C9D-67B9-BBBA-B3A54CC45322} - c:\progra~3\INSTAL~1\{C5662~1\Setup.exe

AddRemove-{57695C90-8DB1-45C5-ECEC-44165360478A} - c:\progra~3\INSTAL~1\{9C79A~1\Setup.exe

AddRemove-{5FAEB08B-7EAB-0781-7EEB-31D3AC0B1ADA} - c:\progra~3\INSTAL~1\{67BF8~1\Setup.exe

AddRemove-{6890042F-2A66-3684-6E27-D5F86BBDB77F} - c:\progra~3\INSTAL~1\{92CAC~1\Setup.exe

AddRemove-{7FC77E0A-BE31-FADA-A999-03CD68157009} - c:\progra~3\INSTAL~1\{94616~1\Setup.exe

AddRemove-{9BEA2784-CBC6-AC80-E740-0175DFEE0BA9} - c:\progra~3\INSTAL~1\{85517~1\Setup.exe

AddRemove-{A2BAE8B9-9018-94AA-33A5-C3F6BA37BCC0} - c:\progra~3\INSTAL~1\{B3A54~1\Setup.exe

AddRemove-{A35747C3-1C97-9368-A69D-A384AB0CF8A5} - c:\progra~3\INSTAL~1\{4919C~1\Setup.exe

AddRemove-{ABD30C90-91D2-CE97-9006-AB90E1B4B02D} - c:\progra~3\INSTAL~1\{AF88D~1\Setup.exe

AddRemove-{AED7E0DA-B57E-C384-E268-0E38B5720DB1} - c:\progra~3\INSTAL~1\{617F5~1\Setup.exe

AddRemove-{B0AA2343-F71D-041B-F547-07F2B85DC689} - c:\progra~3\INSTAL~1\{32E4E~1\Setup.exe

AddRemove-{B313B61D-B5BF-C87D-C723-BAA7CABE2820} - c:\progra~3\INSTAL~1\{10FB9~1\Setup.exe

AddRemove-{BF2DB609-8FCA-D798-3A36-4C2F26474C5A} - c:\progra~3\INSTAL~1\{74111~1\Setup.exe

AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\uninstall.exe

AddRemove-{D5DF7465-5DE1-8672-BB6A-E95E9C0447E7} - c:\progra~3\INSTAL~1\{9517F~1\Setup.exe

AddRemove-{D880A1A1-747F-0AFC-36DF-6AB80B28EC54} - c:\progra~3\INSTAL~1\{B3B4C~1\Setup.exe

AddRemove-{E0272288-5372-FDA8-5A93-8A1306F65621} - c:\progra~3\INSTAL~1\{15922~1\Setup.exe

AddRemove-{EB9B3528-EA62-6D75-6716-BC4953A9DAF8} - c:\progra~3\INSTAL~1\{6231D~1\Setup.exe

AddRemove-{ED5F85F7-9926-D783-94AB-1CF7F05657F4} - c:\progra~3\INSTAL~1\{A2ECF~1\Setup.exe

AddRemove-{F1AF3311-0293-825A-3C1A-B7FD0106FFC4} - c:\progra~3\INSTAL~1\{50366~1\Setup.exe

AddRemove-GoforFiles - c:\program files (x86)\GoforFiles\uninstall.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1635193343-2580408697-3417977720-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1635193343-2580408697-3417977720-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\SysWOW64\IoctlSvc.exe

.

**************************************************************************

.

Voltooingstijd: 2013-08-18 12:55:39 - machine werd herstart

ComboFix-quarantined-files.txt 2013-08-18 10:55

.

Pre-Run: 384.410.374.144 bytes beschikbaar

Post-Run: 384.212.975.616 bytes beschikbaar

.

- - End Of File - - 0C19A7C11B3EE11871BFD020F3230315

A36C5E4F47E84449FF07ED3517B43A31

kape · 18 augustus 2013

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

Schakel alle antivirus- en antispywareprogramma's uit, want deze kunnen namelijk conflicteren met ComboFix.

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

Open een nieuw leeg Kladblok scherm, kopieer en plak hierin de volgende code.

 
 Registry::
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F55A9352-6C81-1A82-F024-7CBF7C0919D2}]

 Firefox::
 FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\o3rq6e92.default\
 FF - prefs.js: browser.search.defaulturl -
 FF - prefs.js: browser.search.selectedEngine -
 FF - prefs.js: keyword.URL -
 FF - prefs.js: browser.startup.homepage -
 FF - ExtSQL: 2013-08-15 14:04; qy2gk4uio@eizuuii.org; c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\o3rq6e92.default\extensions\qy2gk4uio@eizuuii. org
 FF - ExtSQL: 2013-08-16 18:04; ppc.bv1awgq@b-ayavcc.edu; c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\o3rq6e92.default\extensions\ppc.bv1awgq@b-ayavcc.edu

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Nu zal ComboFix vanzelf worden gestart.

Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de Combofix.txt in je volgende antwoord.

knijn · 18 augustus 2013

ComboFix 13-08-18.01 - Kim 18-08-2013 17:14:27.2.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4091.2445 [GMT 2:00]

Gestart vanuit: c:\users\Kim\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Kim\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-18 to 2013-08-18 ))))))))))))))))))))))))))))))

.

2013-08-18 15:21 . 2013-08-18 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp