
PC regularly shuts down


Jefesco

Dear all,

I have a Toshiba laptop that regularly shuts down. There are no indications that it gets very / too hot or that there is strange software on it. I have scanned the computer, no viruses were found, MBAM found no malware, and with CCleaner I removed more than 36Gb of junk (temporary internet files and the like).

Here is an HJT log:

[hjt]
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:07:42, on 9-8-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
CHROME: 36.0.1985.125
FIREFOX: 5.0 (en-US)
Boot mode: Normal
Running processes:
c:\program files (x86)\rocketdock\rocketdock.exe
c:\program files\avast software\avast\avastui.exe
c:\program files (x86)\yuna software\messenger plus! for skype\messenger plus! for skype.exe
c:\program files (x86)\itunes\ituneshelper.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\skype\phone\skype.exe
d:\games\gamehouse games collection\chainz 2 - relinked\chainz2.exe
c:\users\miranda\downloads\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = http://toshiba.msn.com
r1 - hkcu\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.startpagina.nl/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/p/?linkid=255141
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/p/?linkid=255141
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
f2 - reg:system.ini: userinit=userinit.exe,
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll
o2 - bho: avast! webrep - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
o2 - bho: aanmeldhulp voor windows live id - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
o2 - bho: toshiba media controller plug-in - {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll
o3 - toolbar: avast! webrep - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
o4 - hklm\..\run: [avast] c:\program files\avast software\avast\avastui.exe /nogui
o4 - hklm\..\run: [apsdaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
o4 - hklm\..\run: [messengerplusforskypeservice] c:\program files (x86)\yuna software\messenger plus! for skype\msgplusforskypeservice.exe
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [ituneshelper] c:\program files (x86)\itunes\ituneshelper.exe
o4 - hkcu\..\run: [rocketdock] c:\program files (x86)\rocketdock\rocketdock.exe
o4 - hkcu\..\run: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
o4 - hkcu\..\run: [google update] c:\users\miranda\appdata\local\google\update\googleupdate.exe /c
o4 - hkcu\..\run: [skype] c:\program files (x86)\skype\phone\skype.exe /minimized /regrun
o4 - hkus\s-1-5-18\..\run: [topi.exe] c:\program files (x86)\toshiba\toshiba online product information\topi.exe /startup (user 'system')
o4 - hkus\.default\..\run: [topi.exe] c:\program files (x86)\toshiba\toshiba online product information\topi.exe /startup (user 'default user')
o4 - .default user startup: trdcreminder.lnk = c:\program files (x86)\toshiba\trdcreminder\trdcreminder.exe (user 'default user')
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~2\micros~1\office12\excel.exe/3000
o8 - extra context menu item: toevoegen aan toshiba bulletin board - res://c:\program files\toshiba\bulletinboard\tosbbcom.dll/1000
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~2\micros~1\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~2\micros~1\office12\onbttnie.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~2\micros~1\office12\refiebar.dll
o9 - extra button: @c:\program files\toshiba\bulletinboard\tosncui.dll,-229 - {97f922bd-8563-4184-87ee-8c4aca438823} - (no file)
o9 - extra 'tools' menuitem: @c:\program files\toshiba\bulletinboard\tosncui.dll,-228 - {97f922bd-8563-4184-87ee-8c4aca438823} - (no file)
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o16 - dpf: {5d637fad-e202-48d1-8f18-5b9c459bd1e3} (image uploader control) - http://verkopen.marktplaats.nl/js/widgets/imageuploader/aurigma/5_7_24_0/imageuploader5.cab
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files (x86)\microsoft office\office12\groovesystemservices.dll
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll
o23 - service: adobe acrobat update service (adobearmservice) - adobe systems incorporated - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
o23 - service: adobe flash player update service (adobeflashplayerupdatesvc) - adobe systems incorporated - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: apple mobile device - apple inc. - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
o23 - service: avast! antivirus - avast software - c:\program files\avast software\avast\avastsvc.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: brynsvc - brother industries, ltd. - c:\program files (x86)\browny02\brynsvc.exe
o23 - service: configfree wimax service (cfwimaxservice) - toshiba corporation - c:\program files (x86)\toshiba\configfree\cfiwmxsvcs64.exe
o23 - service: configfree service - toshiba corporation - c:\program files (x86)\toshiba\configfree\cfsvcs.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: gamesappservice - wildtangent, inc. - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
o23 - service: gfnex service (gfnexsrv) - unknown owner - c:\windows\system32\gfnexsrv.exe (file missing)
o23 - service: google update-service (gupdate) (gupdate) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe
o23 - service: @%systemroot%\system32\ieetwcollectorres.dll,-1000 (ieetwcollectorservice) - unknown owner - c:\windows\system32\ieetwcollector.exe (file missing)
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: intel(r) management and security application local management service (lms) - intel corporation - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: messenger plus! service (msgplusservice) - yuna software - c:\program files (x86)\yuna software\messenger plus! for skype\msgplusforskypeservice.exe
o23 - service: @c:\program files (x86)\nero\update\nasvc.exe,-200 (naupdate) - nero ag - c:\program files (x86)\nero\update\nasvc.exe
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: skype updater (skypeupdate) - skype technologies - c:\program files (x86)\skype\updater\updater.exe
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: notebook performance tuning service (tempro) (tempromonitoringservice) - toshiba europe gmbh - c:\program files (x86)\toshiba tempro\temprosvc.exe
o23 - service: tmachinfo - toshiba corporation - c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe
o23 - service: toshiba optical disc drive service (toddsrv) - unknown owner - c:\windows\system32\toddsrv.exe (file missing)
o23 - service: toshiba power saver (toscosrv) - toshiba corporation - c:\program files\toshiba\power saver\toscosrv.exe
o23 - service: toshiba hdd ssd alert service - toshiba corporation - c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: intel(r) management and security application user notification service (uns) - intel corporation - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 12367 bytes
[/hjt]
 
Download Security Check
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!
Starting SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click SecurityCheck.exe and choose "Run as administrator".
  • Follow the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow this.
Post the contents of checkup.txt in your next post

Alternative download link: http://www.bleepingcomputer.com/download/securitycheck/
 
Thanks for your reply. Here are the contents of SecurityCheckup

\\ Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 20
Java version out of Date!
Adobe Reader 10.1.10 Adobe Reader out of Date!
Mozilla Firefox 5.0 Firefox out of Date!
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

-------------------
EDIT: Java has now been updated to the latest version!
 
If it turns out not to be a virus, it could be the power supply. Let's wait and see :)
 

How could that be if the battery is 100% charged? I'm not saying it isn't possible, but it does seem strange to me, to be honest. :)

Let's indeed wait and see. :)
 
Your Windows contains very old software, which for that reason alone poses a high security risk in your Windows.

First go to Control Panel
  • Add or Remove Programs - Windows 2000/Windows XP
  • Programs and Features - Windows Vista, Windows 7
and remove all Adobe Flash Players listed there, and possibly Adobe Flash Player plug-ins for Firefox.


Go with Internet Explorer to http://get.adobe.com/nl/flashplayer/ to have the latest Adobe Flash Player version 14.0.0.145 installed;
if you do not want the Free Google Chrome web browser (optional) (2.12 MB) or Free! McAfee Security Scan Plus (optional) (0.98 MB) included, first untick the box and then agree to install the Flash Player.


Java
From now on, use only the 64-bit version of Java.

First download Java SE Runtime Environment 7 Update 67 Windows Offline (64-bit), size 29.5 MB

However, do not install the new version yet!

Then first go to Control Panel
  • Add or Remove Programs - Windows 2000/Windows XP
  • Programs and Features - Windows Vista, Windows 7 and Windows 8
and remove Java(TM) 6 Update 20 there.

Important: now first restart the PC or notebook, so that the old Java settings are removed.
After the computer has restarted, the latest Java version may be installed.


If you no longer use Firefox at all, then remove that version, which has been on your PC for a couple of years!
 
Everything that was outdated or no longer needed has been removed. In addition, everything necessary has been updated in the proper way.
 
Download MalwareBytes Anti-Malware.

  • Windows 2000 and Windows XP: double-click mbam-setup-2.0.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click mbam-setup-2.0.exe and choose "Run as administrator".
  • If needed, further instructions on the full installation procedure can be read at the following link - Installing Malwarebytes Anti-Malware.
  • In the Malwarebytes ANTI-MALWARE menu, click "Settings", then "Detection and Protection", and then tick "Scan for rootkits".
  • Then click the Scan Now button to run a threat scan.
  • The program will now check for available updates; click "Update Now" here if updates are available.
  • The scan now starts automatically; when the scan is finished and threats have been detected, you will be shown an overview of them.
  • If no threats have been detected, click View detailed log after the scan.
    • Then click the Apply Actions button; at the message that your computer must be restarted, click No.
    • Then click the View detailed log button, click the Export button and choose the option text file (*.txt).
    • Then enter a file name for saving the log file, for example MBAM Scanlog, and click the Save button.
    • By default this file will be saved to your desktop.


Posting the MBAM log:
  • Now copy the contents of the log you just saved and paste it into your new reply.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scandatum: 9-8-2014
Scantijd: 20:08:26
Logbestand: malwarescan1.txt
Beheerder: Ja

Versie: 2.00.2.1012
Malwaredatabase: v2014.08.09.05
Rootkitdatabase: v2014.08.04.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Self-protection: Uitgeschakeld

Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Miranda

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 345515
Verstreken Tijd: 22 m, 47 s

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristics: Ingeschakeld
POP: Waarschuwen
POA: Ingeschakeld

Processen: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registersleutels: 0
(No malicious items detected)

Registerwaardes: 0
(No malicious items detected)

Registerdata: 0
(No malicious items detected)

Mappen: 0
(No malicious items detected)

Bestanden: 0
(No malicious items detected)

Fysieke Sectoren: 0
(No malicious items detected)


(end)
 
Download ComboFix from one of these locations:
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!

Your antivirus program and active malware scanners must already be disabled before you start ComboFix!
Here and here you will find information on how to disable antivirus programs and spyware scanners.

Notes:
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file in your next message using DDRMMR's colour coder.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
[hjt]
combofix 14-08-15.01 - miranda 16-08-2014 12:06:21.1.4 - x64
microsoft windows 7 home premium 6.1.7601.1.1252.31.1043.18.8104.5877 [gmt 2:00]
gestart vanuit: c:\users\miranda\desktop\combofix.exe
av: avast! antivirus *disabled/updated* {2b2d1395-420b-d5c9-657e-930fe358fc3c}
sp: avast! antivirus *disabled/updated* {904cf271-6431-da47-5fce-a87d98dfb681}
sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
* nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\miranda\appdata\roaming\.#
c:\windows\syswow64\debug.log
.
.
(((((((((((((((((((( bestanden gemaakt van 2014-07-16 to 2014-08-16 ))))))))))))))))))))))))))))))
.
.
2014-08-15 12:48 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e196f7dc-2c13-4ea4-9488-bb821ae145a1}\mpengine.dll
2014-08-13 11:52 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 11:52 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 11:52 . 2014-03-09 21:47 99480 ----a-w- c:\windows\syswow64\infocardapi.dll
2014-08-13 11:52 . 2014-03-09 21:47 619672 ----a-w- c:\windows\syswow64\icardagt.exe
2014-08-13 11:52 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 11:52 . 2014-06-30 22:14 8856 ----a-w- c:\windows\syswow64\icardres.dll
2014-08-13 11:51 . 2014-06-06 06:16 35480 ----a-w- c:\windows\syswow64\tswpfwrp.exe
2014-08-13 11:51 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\tswpfwrp.exe
2014-08-13 10:49 . 2014-07-25 13:00 139264 ----a-w- c:\windows\system32\ieunatt.exe
2014-08-11 07:36 . 2014-08-11 07:36 -------- d-----w- c:\program files (x86)\common files\skype
2014-08-09 17:02 . 2014-08-09 17:01 319912 ----a-w- c:\windows\system32\javaws.exe
2014-08-09 17:02 . 2014-08-09 17:02 111016 ----a-w- c:\windows\system32\windowsaccessbridge-64.dll
2014-08-09 17:02 . 2014-08-09 17:01 189352 ----a-w- c:\windows\system32\javaw.exe
2014-08-09 17:02 . 2014-08-09 17:01 189352 ----a-w- c:\windows\system32\java.exe
2014-08-09 17:01 . 2014-08-09 17:01 -------- d-----w- c:\program files\java
2014-08-09 16:59 . 2014-08-09 16:59 71344 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2014-08-09 16:59 . 2014-08-09 16:59 699056 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2014-08-09 16:21 . 2014-08-09 16:21 -------- d-----w- c:\program files (x86)\crystaldiskinfo
2014-08-09 09:47 . 2014-08-13 15:46 122584 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-08-09 09:47 . 2014-08-09 09:47 -------- d-----w- c:\program files (x86)\malwarebytes anti-malware
2014-08-09 09:47 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-09 09:47 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-02 11:37 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-02 11:37 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-02 11:37 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-02 11:37 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-02 11:36 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-02 11:36 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 11:36 . 2014-05-14 16:17 92672 ----a-w- c:\windows\syswow64\wudriver.dll
2014-08-02 11:36 . 2014-05-14 16:23 36320 ----a-w- c:\windows\syswow64\wups.dll
2014-08-02 11:36 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-02 11:36 . 2014-05-14 16:23 581600 ----a-w- c:\windows\syswow64\wuapi.dll
2014-08-02 11:36 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-02 11:36 . 2014-05-14 07:23 179656 ----a-w- c:\windows\syswow64\wuwebv.dll
2014-08-02 11:36 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-02 11:36 . 2014-05-14 07:17 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2014-07-17 15:00 . 2014-07-17 15:01 -------- d-----w- c:\programdata\34be82c4-e596-4e99-a191-52c6199ebf69
2014-07-17 15:00 . 2014-07-17 15:00 -------- d-----w- c:\program files\itunes
2014-07-17 15:00 . 2014-07-17 15:00 -------- d-----w- c:\program files (x86)\itunes
2014-07-17 15:00 . 2014-07-17 15:00 -------- d-----w- c:\program files\ipod
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 11:56 . 2011-06-30 04:20 99218768 ----a-w- c:\windows\system32\mrt.exe
2014-06-18 02:18 . 2014-07-09 08:33 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 08:33 646144 ----a-w- c:\windows\syswow64\osk.exe
2014-06-06 10:10 . 2014-07-09 08:33 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 08:33 509440 ----a-w- c:\windows\syswow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 08:30 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 08:30 22016 ----a-w- c:\windows\syswow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 08:30 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 08:33 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 08:33 86528 ----a-w- c:\windows\system32\tspkg.dll
2014-05-30 08:08 . 2014-07-09 08:33 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 08:33 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 08:33 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 08:33 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 08:33 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 08:33 172032 ----a-w- c:\windows\syswow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 08:33 65536 ----a-w- c:\windows\syswow64\tspkg.dll
2014-05-30 07:52 . 2014-07-09 08:33 247808 ----a-w- c:\windows\syswow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 08:33 220160 ----a-w- c:\windows\syswow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 08:33 259584 ----a-w- c:\windows\syswow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 08:33 550912 ----a-w- c:\windows\syswow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 08:33 17408 ----a-w- c:\windows\syswow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 08:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext1]
@="{fb314ed9-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ed9-a251-47b7-93e1-cdd82e34af8b}]
2013-05-25 00:36 130736 ----a-w- c:\users\miranda\appdata\roaming\dropbox\bin\dropboxext.19.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext2]
@="{fb314eda-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314eda-a251-47b7-93e1-cdd82e34af8b}]
2013-05-25 00:36 130736 ----a-w- c:\users\miranda\appdata\roaming\dropbox\bin\dropboxext.19.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext3]
@="{fb314edb-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edb-a251-47b7-93e1-cdd82e34af8b}]
2013-05-25 00:36 130736 ----a-w- c:\users\miranda\appdata\roaming\dropbox\bin\dropboxext.19.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"rocketdock"=c:\program files (x86)\rocketdock\rocketdock.exe [2007-09-02 495616]
"sidebar"=c:\program files\windows sidebar\sidebar.exe [2010-11-21 1475584]
"skype"=c:\program files (x86)\skype\phone\skype.exe [2014-07-24 21650016]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"avast"=c:\program files\avast software\avast\avastui.exe [2012-10-30 4297136]
"apsdaemon"=c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe [2014-07-03 43816]
"ituneshelper"=c:\program files (x86)\itunes\ituneshelper.exe [2014-07-08 152392]
.
c:\users\default user\appdata\roaming\microsoft\windows\start menu\programs\startup\
trdcreminder.lnk - c:\program files (x86)\toshiba\trdcreminder\trdcreminder.exe [2009-9-1 481184]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\mcods]
@=""
.
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [x]
r2 skypeupdate;skype updater;c:\program files (x86)\skype\updater\updater.exe;c:\program files (x86)\skype\updater\updater.exe [x]
r3 brynsvc;brynsvc;c:\program files (x86)\browny02\brynsvc.exe;c:\program files (x86)\browny02\brynsvc.exe [x]
r3 dg_ssudbus;samsung mobile usb composite device driver (devguru ver.);c:\windows\system32\drivers\ssudbus.sys;c:\windows\sysnative\drivers\ssudbus.sys [x]
r3 ieetwcollectorservice;internet explorer etw collector service;c:\windows\system32\ieetwcollector.exe;c:\windows\sysnative\ieetwcollector.exe [x]
r3 netaapl;apple mobile device ethernet service;c:\windows\system32\drivers\netaapl64.sys;c:\windows\sysnative\drivers\netaapl64.sys [x]
r3 rsusbstor;rtsustor.sys realtek usb card reader;c:\windows\system32\drivers\rtsustor.sys;c:\windows\sysnative\drivers\rtsustor.sys [x]
r3 rtl8187b;realtek rtl8187b wireless 802.11b/g 54mbps usb 2.0 network adapter;c:\windows\system32\drivers\rtl8187b.sys;c:\windows\sysnative\drivers\rtl8187b.sys [x]
r3 ssudmdm;samsung mobile usb modem drivers (devguru ver.);c:\windows\system32\drivers\ssudmdm.sys;c:\windows\sysnative\drivers\ssudmdm.sys [x]
r3 tempromonitoringservice;notebook performance tuning service (tempro);c:\program files (x86)\toshiba tempro\temprosvc.exe;c:\program files (x86)\toshiba tempro\temprosvc.exe [x]
r3 tmachinfo;tmachinfo;c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe;c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe [x]
r3 toshiba hdd ssd alert service;toshiba hdd ssd alert service;c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe;c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\sysnative\drivers\tsusbflt.sys [x]
r3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys;c:\windows\sysnative\drivers\tsusbgd.sys [x]
r3 usbaapl64;apple mobile usb driver;c:\windows\system32\drivers\usbaapl64.sys;c:\windows\sysnative\drivers\usbaapl64.sys [x]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe;c:\windows\sysnative\wat\watadminsvc.exe [x]
s0 tos_sps64;toshiba tos_sps64 service;c:\windows\system32\drivers\tos_sps64.sys;c:\windows\sysnative\drivers\tos_sps64.sys [x]
s1 aswkbd;aswkbd; [x]
s1 aswsnx;aswsnx; [x]
s1 aswsp;aswsp; [x]
s1 dtsoftbus01;daemon tools virtual bus driver;c:\windows\system32\drivers\dtsoftbus01.sys;c:\windows\sysnative\drivers\dtsoftbus01.sys [x]
s2 aswfsblk;aswfsblk; [x]
s2 aswmonflt;aswmonflt;c:\windows\system32\drivers\aswmonflt.sys;c:\windows\sysnative\drivers\aswmonflt.sys [x]
s2 cfwimaxservice;configfree wimax service;c:\program files (x86)\toshiba\configfree\cfiwmxsvcs64.exe;c:\program files (x86)\toshiba\configfree\cfiwmxsvcs64.exe [x]
s2 configfree service;configfree service;c:\program files (x86)\toshiba\configfree\cfsvcs.exe;c:\program files (x86)\toshiba\configfree\cfsvcs.exe [x]
s2 gfnexsrv;gfnex service;c:\windows\system32\gfnexsrv.exe;c:\windows\sysnative\gfnexsrv.exe [x]
s2 uns;intel(r) management and security application user notification service;c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe;c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe [x]
s3 pgeffect;pangu effect driver;c:\windows\system32\drivers\pgeffect.sys;c:\windows\sysnative\drivers\pgeffect.sys [x]
s3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys;c:\windows\sysnative\drivers\rt64win7.sys [x]
s3 rtl8192ce;realtek wireless lan 802.11n pci-e nic driver;c:\windows\system32\drivers\rtl8192ce.sys;c:\windows\sysnative\drivers\rtl8192ce.sys [x]
.
.
inhoud van de 'gedeelde taken' map
.
2014-08-16 c:\windows\tasks\adobe flash player updater.job
- c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2014-08-09 16:59]
.
2014-08-16 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2013-08-19 14:21]
.
2014-08-16 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2013-08-19 14:21]
.
2014-08-15 c:\windows\tasks\googleupdatetaskusers-1-5-21-3995049377-627641100-110101777-1000core.job
- c:\users\miranda\appdata\local\google\update\googleupdate.exe [2011-07-15 10:24]
.
2014-08-16 c:\windows\tasks\googleupdatetaskusers-1-5-21-3995049377-627641100-110101777-1000ua.job
- c:\users\miranda\appdata\local\google\update\googleupdate.exe [2011-07-15 10:24]
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083b0-c522-11cf-8763-00608cc02f24}"
[hkey_classes_root\clsid\{472083b0-c522-11cf-8763-00608cc02f24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\avast software\avast\ashsha64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext1]
@="{fb314ed9-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ed9-a251-47b7-93e1-cdd82e34af8b}]
2013-05-25 00:36 164016 ----a-w- c:\users\miranda\appdata\roaming\dropbox\bin\dropboxext64.19.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext2]
@="{fb314eda-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314eda-a251-47b7-93e1-cdd82e34af8b}]
2013-05-25 00:36 164016 ----a-w- c:\users\miranda\appdata\roaming\dropbox\bin\dropboxext64.19.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext3]
@="{fb314edb-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edb-a251-47b7-93e1-cdd82e34af8b}]
2013-05-25 00:36 164016 ----a-w- c:\users\miranda\appdata\roaming\dropbox\bin\dropboxext64.19.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext4]
@="{fb314edc-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edc-a251-47b7-93e1-cdd82e34af8b}]
2013-05-25 00:36 164016 ----a-w- c:\users\miranda\appdata\roaming\dropbox\bin\dropboxext64.19.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"rthdvcpl"=c:\program files\realtek\audio\hda\ravcpl64.exe [2011-01-12 11775592]
"rthdvbg"=c:\program files\realtek\audio\hda\ravbg64.exe [2011-01-10 2186856]
"igfxtray"=c:\windows\system32\igfxtray.exe [2011-04-05 167960]
"hotkeyscmds"=c:\windows\system32\hkcmd.exe [2011-04-05 391704]
"persistence"=c:\windows\system32\igfxpers.exe [2011-04-05 418840]
"logitech download assistant"=c:\windows\system32\logilda.dll [2012-09-20 1832760]
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
ustart page = hxxp://www.startpagina.nl/
mlocal page = c:\windows\syswow64\blank.htm
uinternet settings,proxyoverride = *.local
ie: e&xporteren naar microsoft excel - c:\progra~2\micros~1\office12\excel.exe/3000
ie: toevoegen aan toshiba bulletin board - c:\program files\toshiba\bulletinboard\tosbbcom.dll/1000
tcp: dhcpnameserver = 192.168.1.1 192.168.1.1
.
- - - - orphans verwijderd - - - -
.
toolbar-locked - (no file)
hklm_wow6432node-activesetup-{2d46b6dc-2207-486b-b523-a557e6d54b47} - start
toolbar-locked - (no file)
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\system32\\macromed\\flash\\flashutil64_14_0_0_145_activex.exe,-101"
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\localserver32]
@=c:\\windows\\system32\\macromed\\flash\\flashutil64_14_0_0_145_activex.exe
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="iflashbroker5"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil32_14_0_0_145_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil32_14_0_0_145_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_14_0_0_145.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.14"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_14_0_0_145.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_14_0_0_145.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_14_0_0_145.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="iflashbroker5"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\mcafee]
"symboliclinkvalue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files\avast software\avast\avastsvc.exe
c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files (x86)\toshiba\configfree\ndstray.exe
c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
c:\program files (x86)\toshiba\configfree\cfswmgr.exe
.
**************************************************************************
.
voltooingstijd: 2014-08-16 12:18:35 - machine werd herstart
combofix-quarantined-files.txt 2014-08-16 10:18
.
pre-run: 165.903.605.760 bytes beschikbaar
post-run: 165.502.013.440 bytes beschikbaar
.
- - end of file - - dd32323553ff98c7a748fe95e9d5d21f

[/hjt]
 