Hello,
It took a while, but I finally have the ComboFix log.
It didn't work quite as intended, but that was because I was working from a different user account on my computer, since the internet worked for that user and not on my own account. But now the internet works on my own account too, and I now have the ComboFix log ;)
Thanks for all the help so far xx
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“FlashFactory.FlashFactory”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files (x86)\TP-LINK\QSS\HwBtnDetector.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-22 12:41:24 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-22 11:41
.
Pre-Run: 155.429.617.664 bytes beschikbaar
Post-Run: 154.800.844.800 bytes beschikbaar
.
- - End Of File - - D7E2823D43AA3B5180081E837E22D734
Sorry, that was only part of it; here is the correct one.
ComboFix 12-01-21.02 - denni 22-01-2012 11:26:19.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3839.2251
Gestart vanuit: c:\users\denni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EF321T9P\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lizzy.denni-PC\ComboFix.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-22 to 2012-01-22 ))))))))))))))))))))))))))))))
.
.
2012-01-22 11:18 . 2012-01-22 11:18 ——– d—–w- c:\users\Public\AppData\Local\temp
2012-01-22 11:18 . 2012-01-22 11:18 ——– d—–w- c:\users\Default\AppData\Local\temp
2012-01-21 19:37 . 2012-01-22 11:21 ——– d—–w- c:\users\denni\AppData\Local\temp
2012-01-19 22:59 . 2012-01-19 22:59 ——– d—–w- c:\programdata\26208
2012-01-19 20:52 . 2011-03-12 12:08 1465344 —-a-w- c:\windows\system32\XpsPrint.dll
2012-01-19 20:49 . 2011-03-25 03:29 343040 —-a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-19 20:49 . 2011-03-25 03:29 98816 —-a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-19 20:49 . 2011-03-25 03:29 325120 —-a-w- c:\windows\system32\drivers\usbport.sys
2012-01-19 20:49 . 2011-03-25 03:29 52736 —-a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-19 20:49 . 2011-03-25 03:29 25600 —-a-w- c:\windows\system32\drivers\usbohci.sys
2012-01-19 20:49 . 2011-03-25 03:29 30720 —-a-w- c:\windows\system32\drivers\usbuhci.sys
2012-01-19 20:49 . 2011-03-25 03:28 7936 —-a-w- c:\windows\system32\drivers\usbd.sys
2012-01-19 20:49 . 2011-01-17 11:09 197120 —-a-w- c:\windows\system32\d3d10_1.dll
2012-01-19 20:49 . 2011-01-17 05:47 161792 —-a-w- c:\windows\SysWow64\d3d10_1.dll
2012-01-10 15:53 . 2012-01-19 20:35 ——– d—–w- c:\users\Lizzy
2012-01-02 00:49 . 2012-01-02 00:49 ——– d—–w- c:\programdata\Trymedia
2012-01-02 00:48 . 2012-01-02 01:56 ——– d—–w- C:\GameHouse Games
2012-01-02 00:47 . 2012-01-02 01:56 ——– d—–w- c:\program files (x86)\RealArcade
2012-01-02 00:29 . 2012-01-02 00:29 ——– d—–w- C:\BigFishGamesCache
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 17:51 . 2011-10-19 15:03 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 17:27 . 2011-12-16 14:46 4718952 —-a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-12-13 15:58 . 2011-12-16 14:46 1560168 —-a-w- c:\windows\system32\RTSnMg64.cpl
2011-12-13 10:01 . 2009-10-28 19:38 1698408 —-a-w- c:\windows\RtlExUpd.dll
2011-12-12 16:20 . 2011-12-16 14:46 100456 —-a-w- c:\windows\system32\RCoInstII64.dll
2011-12-09 15:42 . 2011-12-16 14:46 2684416 —-a-w- c:\windows\system32\RCoRes64.dat
2011-12-08 16:28 . 2011-12-16 14:46 1969768 —-a-w- c:\windows\system32\RtkApi64.dll
2011-12-08 15:27 . 2011-12-16 14:46 3744872 —-a-w- c:\windows\system32\RtkAPO64.dll
2011-11-22 15:28 . 2011-12-16 14:46 14952 —-a-w- c:\windows\system32\RtkCoLDR64.dll
2011-11-22 10:36 . 2011-12-16 14:46 2615400 —-a-w- c:\windows\system32\RtPgEx64.dll
2011-11-18 15:40 . 2011-12-16 14:46 219752 —-a-w- c:\windows\system32\SFSS_APO.dll
2011-11-16 08:49 . 2011-11-16 08:49 1409 —-a-w- c:\windows\QTFont.for
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
.
“OM_Monitor”=“c:\program files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe”
“EADM”=“c:\program files (x86)\Origin\Origin.exe”
“Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe”
.
“Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“jswtrayutil”=“c:\program files (x86)\TP-LINK\QSS\jswtrayutil.exe”
“QuickTime Task”=“c:\program files (x86)\QuickTime\qttask.exe”
“SunJavaUpdateSched”=“c:\program files (x86)\Java\jre6\bin\jusched.exe”
“OM_Monitor”=“c:\program files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe”
“PWRISOVM.EXE”=“c:\program files (x86)\PowerISO\PWRISOVM.EXE”
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
R1 htusygno;htusygno;c:\windows\system32\drivers\htusygno.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 Spooler32;Print Spooler ;c:\windows\system32\kbdusl32.exe
R3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lhx.sys
R3 EverestDriver;FinalWire EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\TP-LINK\QSS\jswpsapi.exe
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe
S2 JSWHwBtn;JSW Hardware Button Service;c:\program files (x86)\TP-LINK\QSS\HwBtnSvc.exe
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
.
.
.
——— x86-64 ———–
.
.
.
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
.
“LoadAppInit_DLLs”=0x1
“AppInit_DLLs”=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.254
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-10 - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
.
.
.
“ImagePath”=“\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
“datasecu”=hex:a2,68,8e,df,88,38,ec,33,68,c7,ff,81,be,a1,c9,c9,1a,06,48,50,ea,
70,ff,04,6f,36,35,87,6a,d1,3b,93,6c,85,a6,e8,d5,a3,41,65,c1,99,3f,78,56,48,\
“rkeysecu”=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx”
“ThreadingModel”=“Apartment”
.
@=“0”
.
@=“ShockwaveFlash.ShockwaveFlash.10”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“ShockwaveFlash.ShockwaveFlash”
.
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx”
“ThreadingModel”=“Apartment”
.
@=“FlashFactory.FlashFactory.1”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“FlashFactory.FlashFactory”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files (x86)\TP-LINK\QSS\HwBtnDetector.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-22 12:41:24 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-22 11:41
.
Pre-Run: 155.429.617.664 bytes beschikbaar
Post-Run: 154.800.844.800 bytes beschikbaar
.
- - End Of File - - D7E2823D43AA3B5180081E837E22D734
Hello denise,
Do this first!!!
* IMPORTANT !!! Save ComboFix.exe to your Desktop.
Open a Notepad file (Start > All Programs > Accessories > Notepad),
copy and paste the following (bold, blue text) into the empty Notepad window:
File::
c:\windows\system32\drivers\htusygno.sys
Registry::
"AppInit_DLLs"=-
Driver::
htusygno.sys
Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply, together with a new HijackThis log from all users.
Regards, Ben
Nice >>>Gestart vanuit: c:\users\denni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EF321T9P\ComboFix.exe <<
As far as I know, Combo should be started from a different folder.
Same as HJT >>C:\Users\denni\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe<<
All steps completed and it went well!
First, here is HijackThis.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:49, on 22-1-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files (x86)\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files (x86)\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Secure Search\vprot.exe”
O4 - HKCU\..\Run: C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: “C:\Program Files (x86)\Origin\Origin.exe” -AutoStart
O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /nosplash /minimized
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra ‘Tools’ menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: JSW Hardware Button Service (JSWHwBtn) - Unknown owner - C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Print Spooler (Spooler32) - Unknown owner - c:\windows\system32\kbdusl32.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 10972 bytes
Here is ComboFix
ComboFix 12-01-21.02 - denni 22-01-2012 17:01:02.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3839.1830
Gestart vanuit: c:\users\denni\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\denni\Desktop\CFScript.txt.txt
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
“c:\windows\system32\drivers\htusygno.sys”
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-22 to 2012-01-22 ))))))))))))))))))))))))))))))
.
.
2012-01-22 16:31 . 2012-01-22 16:31 ——– d—–w- c:\users\Public\AppData\Local\temp
2012-01-22 16:31 . 2012-01-22 16:31 ——– d—–w- c:\users\Default\AppData\Local\temp
2012-01-22 12:53 . 2012-01-22 12:53 ——– d—–w- c:\users\denni\AppData\Roaming\AVG
2012-01-22 12:04 . 2012-01-22 12:05 ——– d—–w- c:\programdata\AVG Secure Search
2012-01-22 12:04 . 2012-01-22 12:05 ——– d—–w- c:\program files (x86)\AVG Secure Search
2012-01-22 12:04 . 2012-01-22 12:04 ——– d—–w- c:\program files (x86)\Common Files\AVG Secure Search
2012-01-22 12:04 . 2012-01-22 12:04 ——– d—–w- c:\windows\SysWow64\drivers\AVG
2012-01-22 12:03 . 2012-01-22 12:44 ——– d—–w- c:\windows\system32\drivers\AVG
2012-01-22 12:03 . 2012-01-22 12:44 ——– d—–w- c:\programdata\AVG2012
2012-01-22 12:02 . 2012-01-22 12:52 ——– d—–w- c:\program files (x86)\AVG
2012-01-21 19:37 . 2012-01-22 16:43 ——– d—–w- c:\users\denni\AppData\Local\temp
2012-01-19 22:59 . 2012-01-19 22:59 ——– d—–w- c:\programdata\26208
2012-01-19 20:52 . 2011-03-12 12:08 1465344 —-a-w- c:\windows\system32\XpsPrint.dll
2012-01-19 20:49 . 2011-03-25 03:29 343040 —-a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-19 20:49 . 2011-03-25 03:29 98816 —-a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-19 20:49 . 2011-03-25 03:29 325120 —-a-w- c:\windows\system32\drivers\usbport.sys
2012-01-19 20:49 . 2011-03-25 03:29 52736 —-a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-19 20:49 . 2011-03-25 03:29 25600 —-a-w- c:\windows\system32\drivers\usbohci.sys
2012-01-19 20:49 . 2011-03-25 03:29 30720 —-a-w- c:\windows\system32\drivers\usbuhci.sys
2012-01-19 20:49 . 2011-03-25 03:28 7936 —-a-w- c:\windows\system32\drivers\usbd.sys
2012-01-19 20:49 . 2011-01-17 11:09 197120 —-a-w- c:\windows\system32\d3d10_1.dll
2012-01-19 20:49 . 2011-01-17 05:47 161792 —-a-w- c:\windows\SysWow64\d3d10_1.dll
2012-01-10 15:53 . 2012-01-19 20:35 ——– d—–w- c:\users\Lizzy
2012-01-02 00:49 . 2012-01-02 00:49 ——– d—–w- c:\programdata\Trymedia
2012-01-02 00:48 . 2012-01-02 01:56 ——– d—–w- C:\GameHouse Games
2012-01-02 00:47 . 2012-01-02 01:56 ——– d—–w- c:\program files (x86)\RealArcade
2012-01-02 00:29 . 2012-01-02 00:29 ——– d—–w- C:\BigFishGamesCache
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 17:51 . 2011-10-19 15:03 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 17:27 . 2011-12-16 14:46 4718952 —-a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-12-13 15:58 . 2011-12-16 14:46 1560168 —-a-w- c:\windows\system32\RTSnMg64.cpl
2011-12-13 10:01 . 2009-10-28 19:38 1698408 —-a-w- c:\windows\RtlExUpd.dll
2011-12-12 16:20 . 2011-12-16 14:46 100456 —-a-w- c:\windows\system32\RCoInstII64.dll
2011-12-09 15:42 . 2011-12-16 14:46 2684416 —-a-w- c:\windows\system32\RCoRes64.dat
2011-12-08 16:28 . 2011-12-16 14:46 1969768 —-a-w- c:\windows\system32\RtkApi64.dll
2011-12-08 15:27 . 2011-12-16 14:46 3744872 —-a-w- c:\windows\system32\RtkAPO64.dll
2011-11-22 15:28 . 2011-12-16 14:46 14952 —-a-w- c:\windows\system32\RtkCoLDR64.dll
2011-11-22 10:36 . 2011-12-16 14:46 2615400 —-a-w- c:\windows\system32\RtPgEx64.dll
2011-11-18 15:40 . 2011-12-16 14:46 219752 —-a-w- c:\windows\system32\SFSS_APO.dll
2011-11-16 08:49 . 2011-11-16 08:49 1409 —-a-w- c:\windows\QTFont.for
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
2012-01-22 12:04 1574240 —-a-w- c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
“{95B7759C-8C7F-4BF1-B163-73684A933233}”= “c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll”
.
.
“OM_Monitor”=“c:\program files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe”
“EADM”=“c:\program files (x86)\Origin\Origin.exe”
“Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe”
.
“Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“jswtrayutil”=“c:\program files (x86)\TP-LINK\QSS\jswtrayutil.exe”
“QuickTime Task”=“c:\program files (x86)\QuickTime\qttask.exe”
“SunJavaUpdateSched”=“c:\program files (x86)\Java\jre6\bin\jusched.exe”
“OM_Monitor”=“c:\program files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe”
“PWRISOVM.EXE”=“c:\program files (x86)\PowerISO\PWRISOVM.EXE”
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“AVG_TRAY”=“c:\program files (x86)\AVG\AVG2012\avgtray.exe”
“vProt”=“c:\program files (x86)\AVG Secure Search\vprot.exe”
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R1 htusygno;htusygno;c:\windows\system32\drivers\htusygno.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 Spooler32;Print Spooler ;c:\windows\system32\kbdusl32.exe
R3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lhx.sys
R3 EverestDriver;FinalWire EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\TP-LINK\QSS\jswpsapi.exe
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe
S2 JSWHwBtn;JSW Hardware Button Service;c:\program files (x86)\TP-LINK\QSS\HwBtnSvc.exe
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
.
.
.
——— x86-64 ———–
.
.
.
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
.
“AppInit_DLLs”=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
“ImagePath”=“\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
“datasecu”=hex:a2,68,8e,df,88,38,ec,33,68,c7,ff,81,be,a1,c9,c9,1a,06,48,50,ea,
70,ff,04,6f,36,35,87,6a,d1,3b,93,6c,85,a6,e8,d5,a3,41,65,c1,99,3f,78,56,48,\
“rkeysecu”=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx”
“ThreadingModel”=“Apartment”
.
@=“0”
.
@=“ShockwaveFlash.ShockwaveFlash.10”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“ShockwaveFlash.ShockwaveFlash”
.
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx”
“ThreadingModel”=“Apartment”
.
@=“FlashFactory.FlashFactory.1”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“FlashFactory.FlashFactory”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files (x86)\TP-LINK\QSS\HwBtnDetector.exe
c:\program files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-22 18:00:46 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-22 17:00
.
Pre-Run: 154.943.188.992 bytes beschikbaar
Post-Run: 154.695.249.920 bytes beschikbaar
.
- - End Of File - - FC1B81C1ED980DCC753AD642960AC4AF
Thanks in advance.
I removed Microsoft and installed AVG instead, that's why. The problems are fewer now. Explorer starts again, but when I type something into Google to be forwarded to another site, I still keep not getting the right site. It then redirects very quickly to unknown sites.
And when I try to click through to my Hotmail via MSN, I don't get it. I have to do it separately via Explorer.
Regards, Denise