Dns Casch Poisoning aanval gedecteerd door firrewill eset

[salmax]

Mijn computer gaf ineens een melding van eset firewall dat rood zag
met melding DNS Cache poisoning aanval gedecteerd.
ik had ineens ook geen internet meer en anti virus eset was ineens rood en moest bijgewerkt worden verouderd.
pagina's laden ervoor ging heel traag
Is het mogelijk om deze log na te kijken aub.
Heb herstelpunt gedaan naar 16/03/2012 en kabel uitgetrokken waarop modem terug herstarten .
had terug internet en dan terug herstelpunt gedaan naar 23/03/2012 om zeker te zijn dat als er iets is het gevonden wordt.
ik gebruikte toen het gebeurde secunia en wou vlc nieuwste update installeren en dan ging het mis.
mijn anti virus eset smart security scant nu diepte scan en alle letters.
Ik laat malwarebyte sebiet ook nog scannenen post deze log ook

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:07:16, on 25/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_Ac tiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1926501126-3141280891-405495493-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1926501126-3141280891-405495493-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Secunia PSI Tray.lnk = ?
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7115 bytes

[salmax]

voor ik deze kon scannen was er ook iets beschadigd van malwarebyte en vroeg om iets bij te werken ik heb het zekere voor het zekere gekozen met revo uninstaller malware byte verwijderd en terug geinstalleerd via deze link
http://www.minatica.be/threads/71380...hier-iets-post!
en terug geinstalleerd.
dit is de scan van malwarebyte en eset smart security vond bij scan niets meer.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Databaseversie: v2012.03.24.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
pechkiek03 :: PECHKIEK03-PC [administrator]
25/03/2012 3:37:15
mbam-log-2012-03-25 (03-37-15).txt
Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 289245
Verstreken tijd: 17 minuut/minuten, 26 seconde
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)



Met vriendelijke groeten.
Salmax
En op voorhand bedankt voor de tijd jullie in mijn log steken.

[salmax]

ik vermoed dat nod32 het verwijderd heeft.
hoop het alleen niet verstopt heeft.

[Juisterr]

Download ComboFix van één van deze locaties:

Link 1
Link 2


* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.





1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier 2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[salmax]

ComboFix 12-03-29.02 - pechkiek03 29/03/2012 23:04:32.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6135.4737 [GMT 2:00]
Gestart vanuit: c:\users\pechkiek03\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-29 ))))))))))))))))))))))))))))))
.
.
2012-03-29 21:07 . 2012-03-29 21:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-29 21:07 . 2012-03-29 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 19:14 . 2012-03-20 01:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68CC4D01-1BB1-454E-8C38-16C83A9C281E}\mpengine.dll
2012-03-27 11:09 . 2012-03-27 11:09 -------- d-----w- c:\users\pechkiek03\D-Fend Reloaded
2012-03-27 11:09 . 2012-03-27 11:09 -------- d-----w- c:\program files (x86)\D-Fend Reloaded
2012-03-26 23:59 . 2012-03-26 23:59 -------- d-----w- c:\users\pechkiek03\AppData\Local\DOSBox
2012-03-26 23:52 . 2012-03-27 01:31 -------- d-----w- c:\program files (x86)\DOSBox-0.74
2012-03-25 01:34 . 2012-03-25 01:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-25 01:34 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 20:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 20:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 20:09 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 19:28 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:28 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:28 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 19:27 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:27 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:27 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 19:27 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-07 00:38 . 2012-03-07 00:38 -------- d-----w- c:\program files\ESET
2012-03-07 00:28 . 2012-03-07 00:28 -------- d-----w- c:\users\pechkiek03\AppData\Local\ESET
2012-03-04 02:17 . 2012-03-04 02:17 -------- d-----w- c:\users\pechkiek03\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-03-07 01:08 . 2011-10-14 21:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 07:18 . 2011-10-14 18:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:36 . 2011-10-22 00:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-15 00:48 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 00:48 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2008-12-26 44344]
R3 RushTopDevice_J;RushTopDevice_J;c:\program files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-04 33080]
R3 RushTopDevice2;RushTopDevice2;c:\program files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-18 75576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwf p.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.s ys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-07-29 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-07-29 399416]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11 g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11 g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11 g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11 g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="5C3D4BF86F33415 8283C651AFCE6F58BC0D38B2F3CF1B5FEBC9E127BECC74CFEB C9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9 E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7 D6A3B9808A6A0AC4980AC7933C038D530D6EB3452F3233B7F5 83796945FB547E2AB1A5A76422D445C89451DAB4C17CAEE099 4EE16A59D65D8618BB4AA86D3341DC8CBD26852CEAAE2DA4F7 022D38BCEA015FA420B7826131861FD6B1DA467BC24B188E7D 19698D955A5C012245AB0495A4C9EA9E1C8C44D44E785F6D42 0DB370C4C38F8379B7C9AF0C918A0F1B51C94A8A5B4A43AD8D 5A0D5242BD96F42F184D825DD27D0D7BF3D6CCC6C0104A23A9 10C408577E84E881F3C6D0F583CBA3F0388E88BD98DA0FA946 D54635884C2C8A4FA5BF02B7431E05B57BE61FB3F1BAC1B09E CE7B98EB19D75112EBA14D199DA345DDC650C19EF376F7F346 99233DAF4353CA62E36A9AAE8BBE7C742E17E10572C904DE9A 8445C3578FD90022C82D22CBEFAB0AE01E70EF2C57538DE34D 0F1F8FBE55917D61C2A5C15103A979ECEC134A98F4B4C1007C 42475313487C3C370CE97A1529AAE77F4806A68392F026BCB4 76C39D7FD9EF7993D34089A498B849E3A77FCACB40A60B749A 22DBDDCB4E1F5F07FAA5ECEA861BCCCE9D86946C9787673162 502BB0C18D532E9F818CBD6EE2A14618A095E721CBF3A85F94 5AE81335384F2BB0E991712938A6F583FB9CE03B76393F327D F01361B3FFA30F54E7B01754D12D4B2C9D3F39BF6E9CD4CF94 5C1D0E91A77AB1B1FF02A6940BAE680C05F027E7CFA74DD2E9 B7AEE10CF7D7127840B0281962D6BD9412D1A4F47A83423018 2A13BA87DFC5717213E2048341BA5D762DC5548E73E85D0C58 7A77B6E6F334D600F605198DDC12BE505DA157705B5FB3401A 878381A35FDFB3B4C6D1149495EEEF6FD5937CFA6CD81B5038 9EF5290E443458F06A213C5D93C14422C8B6F0002DFDBAC98E F3381AB129A62E96CB8B3BBB558A3C2CE565429D5C217B4FE2 138BB4E94085D7AFD93A318CCC5EF5F03DFDD173905F786A1C 267F94C567CADB192C1B4CA2F6932B8E0C979BDFDCADC8D9A5 A53BD53DE384AB73FC20D146B800BF7FD737E46EE1B8030657 FB05F1DA0CCACF6BE0D34A6F7361E952A30E65D042A9210D08 2F399D7088FF1583CC27B86C5A42A8E27D1F27CE022FC90B8E 9A2E51C5249F37D650531924D9F14CD05EF139351235F5959D A20D936C0377CBAFEFC88E9B1E8E948C3167AFED0A92605F96 963C9412DCA7E68E044125DC724FCAA3FA65002A096D25995A C7B9D70D62A8AD579E518DBF2731BE3D7AF06CCAFD6D048414 2AAEE263ABEE52BDF5228475B87452AC3F1302074E6EE5ECB9 E376EF292D93A3CCC0D8FBB615E8A0D6DEFB586CA496043CAD 671BE326DB969C0D7877F05560504BF17"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-03-29 23:10:39 - machine werd herstart
ComboFix-quarantined-files.txt 2012-03-29 21:10
.
Pre-Run: 419.997.237.248 bytes beschikbaar
Post-Run: 419.851.853.824 bytes beschikbaar
.
- - End Of File - - 0A62389663DAC71327741E9AD23DCFE8

[salmax]

ik kreeg wel script fout melding bij handleiding die ik niet kon afsluiten.
heb ze wel kunnen afdrukken.
schakelen anti virus terug zelf aan ik vermoed wel
bij malwarebyte kreeg ik bij tab realtime bescherming niet zelfde scherm dus niet kunnen uitvinken.
had combofix download eerst bij download staan heb het geknipt en geplaktop bureaublad voor ik het gebruikte.

[Juisterr]

Vertel eens hoe het staat met de problemen ?

[salmax]

Was er iets gevonden of werd er iets verwijderd

het gaat goed

[Juisterr]

Alleen een restje.

[salmax]

restje van virus of dergelijke