xsacrax

Member
  • Items: 6

xsacrax's achievements

  1. Hi Kweezie wabbit, my log is below.

     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:40:17, on 3/05/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal

     The most annoying problem is that my cursor keeps jumping back to earlier in my sentence, like just now ... so that words get typed in between what I had already typed. It also sometimes jumps to other places on my screen or selects pieces of text, etc. That uploading those photos to that one site no longer works is something I can live with. This coming weekend I am away with my club and I will have to do a lot of typing on this laptop. I hope to be rid of this keyboard problem soon. Thanks in advance! Regards, xsacrax
  2. Recently I installed Windows 7 on my laptop, replacing the old Vista. The new Windows looks really beautiful, but I keep running into an irritating error message (Microsoft VBScript runtime error '800a0035') when I want to upload photos to add to an ad on my favourite website www.vogelmarktplaats.nl . To be sure that I can upload photos through other channels, I ran the test on Facebook, and that gave no problem at all. I ran Regclean Pro to clear out registry errors, but to no avail. Then there is a second problem: my cursor keeps jumping forward in the text I am typing and sometimes also deletes letters... I am running Malwarebytes now, and as a virus scanner I have installed Avast. Thanks in advance for helping me further. Kind regards, xsacrax
  3. # AdwCleaner v1.800 - Logfile created 08/04/2012 at 18:27:01 # Updated 01/08/2012 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : Jan - LAPTOP_JAN # Running from : C:\Users\Jan\Downloads\adwcleaner.exe # Option [Delete]

     Thank you very much! Mystart and incredibar are completely gone!
  4. ComboFix 12-07-31.06 - Jan 03/08/2012 23:50:18.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1446 [GMT 2:00] Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Jan\Desktop\CFscript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "C:\user.js" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\1ClickDownload c:\program files\Perion c:\program files\Perion\NewTab\data.txt c:\program files\Perion\NewTab\newTab.crx c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DIFxAPI.dll c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DIFxInstallLog.txt c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\GEARAspiWDM.inf c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\gearaspiwdmx86.cat c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspi.dll c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspiWDM.sys c:\programdata\Tarma Installer c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat 
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico C:\user.js c:\users\Jan\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))) . . 2012-08-03 21:57 . 2012-08-03 21:59 -------- d-----w- c:\users\Jan\AppData\Local\temp 2012-08-03 21:57 . 2012-08-03 21:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-01 20:01 . 2012-08-01 20:01 388096 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-01 20:01 . 2012-08-01 20:01 -------- d-----w- c:\program files\Trend Micro 2012-07-29 11:53 . 2012-07-29 11:53 -------- d-----w- c:\users\Jan\AppData\Roaming\AVG2012 2012-07-22 23:14 . 2012-07-22 23:14 110080 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe 2012-07-22 23:14 . 2012-07-22 23:14 110080 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe 2012-07-22 23:14 . 2012-07-22 23:14 110080 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe 2012-07-22 23:14 . 2012-07-22 23:15 -------- d-----w- C:\sh4ldr 2012-07-20 18:48 . 2012-07-20 18:48 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes 2012-07-20 18:48 . 2012-07-20 18:48 -------- d-----w- c:\programdata\Malwarebytes 2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe 2012-07-14 13:18 . 2012-07-14 13:18 -------- d-----w- c:\windows\system32\siscardplugins 2012-07-14 13:18 . 2012-07-14 13:18 -------- d-----w- c:\windows\system32\beidpp 2012-07-14 13:18 . 2012-07-14 13:18 -------- d-----w- c:\program files\BeID Minidriver 2012-07-14 13:18 . 
2012-07-14 13:18 -------- d-----w- c:\program files\Belgium Identity Card 2012-07-14 12:43 . 2012-07-14 12:43 -------- d-----w- c:\program files\Common Files\Java 2012-07-14 11:47 . 2012-07-14 11:47 -------- d-----w- c:\program files\Oracle 2012-07-14 11:47 . 2012-07-05 20:06 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-14 11:47 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-11 18:35 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 16:01 . 2012-07-11 16:01 -------- d-----w- c:\users\Jan\AppData\Local\Apple Computer 2012-07-11 16:01 . 2012-07-11 16:26 -------- d-----w- c:\users\Jan\AppData\Roaming\Apple Computer 2012-07-11 16:00 . 2012-07-11 16:00 -------- dc----w- c:\windows\system32\DRVSTORE 2012-07-11 16:00 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-07-11 16:00 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2012-07-11 15:58 . 2012-07-11 15:58 -------- d-----w- c:\program files\iPod 2012-07-11 15:58 . 2012-07-12 17:38 -------- d-----w- c:\program files\iTunes 2012-07-11 15:58 . 2012-07-11 15:58 -------- d-----w- c:\programdata\Apple Computer 2012-07-11 15:57 . 2012-07-11 15:57 -------- d-----w- c:\users\Jan\AppData\Local\Apple 2012-07-11 15:57 . 2012-07-11 15:57 -------- d-----w- c:\program files\Apple Software Update 2012-07-11 15:55 . 2012-07-11 15:55 -------- d-----w- c:\program files\Bonjour 2012-07-11 15:55 . 2012-07-11 15:58 -------- d-----w- c:\program files\Common Files\Apple 2012-07-11 15:55 . 2012-07-11 15:57 -------- d-----w- c:\programdata\Apple 2012-07-11 10:23 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 10:23 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 10:23 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 10:23 . 
2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 10:23 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 10:23 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 23:10 . 2012-05-16 12:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-02 23:10 . 2012-05-16 12:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-01 12:04 . 2012-07-01 12:22 92161024 ----a-w- c:\program files\Samsung Kies.msi 2012-06-02 22:19 . 2012-06-08 23:03 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-08 23:03 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-08 23:03 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-08 23:03 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-08 23:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-08 23:03 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-08 23:03 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-08 23:03 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-08 23:03 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-28 22:38 . 2012-05-28 22:38 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-05-25 09:48 . 2012-05-25 09:51 405504 ----a-w- c:\windows\system32\cmdiag.cpl 2012-05-25 09:48 . 2010-03-31 17:10 97792 ----a-w- c:\windows\system32\drivers\cxbu0wdm.sys 2012-05-25 09:48 . 2012-05-25 09:51 241664 ----a-w- c:\windows\system32\cmabout.dll 2012-05-25 09:48 . 2010-03-31 17:10 65536 ----a-w- c:\windows\system32\chksvrn.dll 2012-05-25 09:48 . 2010-03-31 17:10 35712 ----a-w- c:\windows\system32\drivers\a38usb.sys 2012-05-25 09:48 . 2010-03-31 17:10 110592 ----a-w- c:\windows\system32\usbr38.dll 2012-05-23 16:50 . 
2012-07-01 12:14 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-05-23 16:49 . 2012-05-23 16:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-05-23 16:49 . 2012-05-23 16:49 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-05-23 16:49 . 2012-05-23 16:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-05-23 16:49 . 2012-05-23 16:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-05-23 16:49 . 2012-05-23 16:49 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-05-23 16:49 . 2012-05-23 16:49 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-05-23 16:49 . 
2012-05-23 16:49 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-05-23 16:49 . 2012-05-23 16:49 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-05-23 16:49 . 2012-07-01 12:13 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2012-05-23 16:49 . 2012-07-01 12:13 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2012-05-23 16:49 . 2012-07-01 12:13 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-05-21 09:06 . 2012-05-21 09:06 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-21 09:06 . 2012-05-21 09:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-21 09:06 . 2012-05-21 09:06 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-21 09:06 . 2012-05-21 09:06 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-21 09:06 . 2012-05-21 09:06 161792 ----a-w- c:\windows\system32\msls31.dll 2012-05-21 09:06 . 2012-05-21 09:06 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-05-21 09:06 . 2012-05-21 09:06 367104 ----a-w- c:\windows\system32\html.iec 2012-05-21 09:06 . 2012-05-21 09:06 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-05-21 09:06 . 2012-05-21 09:06 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-21 09:06 . 2012-05-21 09:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-05-21 09:06 . 2012-05-21 09:06 152064 ----a-w- c:\windows\system32\wextract.exe 2012-05-21 09:06 . 2012-05-21 09:06 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-05-21 09:06 . 2012-05-21 09:06 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-05-21 09:06 . 2012-05-21 09:06 11776 ----a-w- c:\windows\system32\mshta.exe 2012-05-21 09:06 . 2012-05-21 09:06 101888 ----a-w- c:\windows\system32\admparse.dll 2012-05-21 09:06 . 
2012-05-21 09:06 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-21 09:04 . 2012-05-21 09:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2012-05-21 09:04 . 2012-05-21 09:04 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2012-05-21 09:04 . 2012-05-21 09:04 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2012-05-21 09:04 . 2012-05-21 09:04 2873344 ----a-w- c:\windows\system32\mf.dll 2012-05-21 09:04 . 2012-05-21 09:04 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2012-05-21 09:04 . 2012-05-21 09:04 98816 ----a-w- c:\windows\system32\mfps.dll 2012-05-21 09:04 . 2012-05-21 09:04 586240 ----a-w- c:\windows\system32\stobject.dll 2012-05-21 09:04 . 2012-05-21 09:04 209920 ----a-w- c:\windows\system32\mfplat.dll 2012-05-21 09:04 . 2012-05-21 09:04 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2012-05-21 09:04 . 2012-05-21 09:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2012-05-21 09:04 . 2012-05-21 09:04 847360 ----a-w- c:\windows\system32\OpcServices.dll 2012-05-21 09:04 . 2012-05-21 09:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2012-05-21 09:04 . 2012-05-21 09:04 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2012-05-21 09:04 . 2012-05-21 09:04 478720 ----a-w- c:\windows\system32\dxgi.dll 2012-05-21 09:04 . 2012-05-21 09:04 37376 ----a-w- c:\windows\system32\cdd.dll 2012-05-21 09:04 . 2012-05-21 09:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2012-05-21 09:04 . 2012-05-21 09:04 258048 ----a-w- c:\windows\system32\winspool.drv 2012-05-21 09:04 . 2012-05-21 09:04 189952 ----a-w- c:\windows\system32\d3d10core.dll 2012-05-21 09:04 . 2012-05-21 09:04 1029120 ----a-w- c:\windows\system32\d3d10.dll 2012-05-21 09:04 . 2012-05-21 09:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2012-05-21 09:03 . 2012-05-21 09:03 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui 2012-05-21 09:03 . 
2012-05-21 09:03 519680 ----a-w- c:\windows\system32\d3d11.dll 2012-05-21 09:03 . 2012-05-21 09:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2012-05-21 09:03 . 2012-05-21 09:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2012-05-21 09:03 . 2012-05-21 09:03 252928 ----a-w- c:\windows\system32\dxdiag.exe 2012-05-21 09:03 . 2012-05-21 09:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2012-05-21 09:03 . 2012-05-21 09:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2012-05-21 09:03 . 2012-05-21 09:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2012-05-21 08:55 . 2011-07-22 09:28 145496 ----a-w- c:\windows\system32\drivers\jmcr.sys 2012-05-21 08:55 . 2010-07-27 08:08 203352 ----a-w- c:\windows\system32\jmcricon.dll 2012-05-20 10:08 . 2012-05-20 10:14 8192 ----a-w- c:\windows\system32\E_DCINST.DLL 2012-05-20 10:08 . 2012-05-20 10:14 93696 ----a-w- c:\windows\system32\E_FLBGBU.DLL 2012-05-20 10:08 . 2012-05-20 10:14 63488 ----a-w- c:\windows\system32\E_FD4BGBU.DLL 2012-05-19 19:33 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2012-04-21 01:18 . 2012-05-17 08:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-06-08 958392] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 23:10] . 2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1268758224-1715684519-2487069822-1000Core.job - c:\users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 13:27] . 2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1268758224-1715684519-2487069822-1000UA.job - c:\users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 13:27] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7doublv4.default\ FF - prefs.js: browser.startup.homepage - Google FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bba82319e-0319-4145-8a14-05c94f76f360%7D&mid=44317810916d47d0aae6d16acd884181-08fabc3337ae923e024d3bfe6e5874cb96fd9dcf&ds=AVG&v=12.1.0.20&lang=nl&pr=pr&d=2012-07-23%2001%3A38%3A21&sap=ku&q= FF - user.js: extentions.y2layers.installId - 078e300a-c5b1-4fd1-82a4-df6dda77e9b0 FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-03 23:59 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WLANExt.exe c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Nero\Update\NASvc.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\program files\iPod\bin\iPodService.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe . ************************************************************************** . Voltooingstijd: 2012-08-04 00:04:49 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-03 22:04 ComboFix2.txt 2012-08-02 21:56 . Pre-Run: 46.399.082.496 bytes beschikbaar Post-Run: 46.079.942.656 bytes beschikbaar . - - End Of File - - E95507162467927C7C3B66DB867BA248
  5. ComboFix 12-07-31.03 - Jan 02/08/2012 23:38:21.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1691 [GMT 2:00] Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Jan\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll c:\windows\system32\muzapp.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-08-01 20:01 . 2012-08-01 20:01 388096 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-01 20:01 . 2012-08-01 20:01 -------- d-----w- c:\program files\Trend Micro 2012-07-29 11:53 . 2012-07-29 11:53 -------- d-----w- c:\users\Jan\AppData\Roaming\AVG2012 2012-07-22 23:14 . 2012-07-22 23:14 110080 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe 2012-07-22 23:14 . 2012-07-22 23:14 110080 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe 2012-07-22 23:14 . 2012-07-22 23:14 110080 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe 2012-07-22 23:14 . 2012-07-22 23:15 -------- d-----w- C:\sh4ldr 2012-07-20 18:48 . 2012-07-20 18:48 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes 2012-07-20 18:48 . 2012-07-20 18:48 -------- d-----w- c:\programdata\Malwarebytes 2012-07-20 18:24 . 2012-07-20 18:30 -------- d-----w- c:\program files\1ClickDownload 2012-07-20 18:23 . 
2012-07-20 18:23 -------- d-----w- c:\program files\Perion 2012-07-20 18:23 . 2012-07-20 18:23 447 ----a-w- C:\user.js 2012-07-20 18:19 . 2012-07-22 19:45 -------- d-----w- c:\programdata\Tarma Installer 2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe 2012-07-14 13:18 . 2012-07-14 13:18 -------- d-----w- c:\windows\system32\siscardplugins 2012-07-14 13:18 . 2012-07-14 13:18 -------- d-----w- c:\windows\system32\beidpp 2012-07-14 13:18 . 2012-07-14 13:18 -------- d-----w- c:\program files\BeID Minidriver 2012-07-14 13:18 . 2012-07-14 13:18 -------- d-----w- c:\program files\Belgium Identity Card 2012-07-14 12:43 . 2012-07-14 12:43 -------- d-----w- c:\program files\Common Files\Java 2012-07-14 11:47 . 2012-07-14 11:47 -------- d-----w- c:\program files\Oracle 2012-07-14 11:47 . 2012-07-05 20:06 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-14 11:47 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-11 18:35 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 16:01 . 2012-07-11 16:01 -------- d-----w- c:\users\Jan\AppData\Local\Apple Computer 2012-07-11 16:01 . 2012-07-11 16:26 -------- d-----w- c:\users\Jan\AppData\Roaming\Apple Computer 2012-07-11 16:00 . 2012-07-11 16:00 -------- dc----w- c:\windows\system32\DRVSTORE 2012-07-11 16:00 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-07-11 16:00 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2012-07-11 15:58 . 2012-07-11 15:58 -------- d-----w- c:\program files\iPod 2012-07-11 15:58 . 2012-07-12 17:38 -------- d-----w- c:\program files\iTunes 2012-07-11 15:58 . 2012-07-11 16:00 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2012-07-11 15:58 . 2012-07-11 15:58 -------- d-----w- c:\programdata\Apple Computer 2012-07-11 15:57 . 2012-07-11 15:57 -------- d-----w- c:\users\Jan\AppData\Local\Apple 2012-07-11 15:57 . 
2012-07-11 15:57 -------- d-----w- c:\program files\Apple Software Update 2012-07-11 15:55 . 2012-07-11 15:55 -------- d-----w- c:\program files\Bonjour 2012-07-11 15:55 . 2012-07-11 15:58 -------- d-----w- c:\program files\Common Files\Apple 2012-07-11 15:55 . 2012-07-11 15:57 -------- d-----w- c:\programdata\Apple 2012-07-11 10:23 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 10:23 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 10:23 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 10:23 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 10:23 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 10:23 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-28 07:10 . 2012-05-16 12:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-28 07:10 . 2012-05-16 12:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-01 12:04 . 2012-07-01 12:22 92161024 ----a-w- c:\program files\Samsung Kies.msi 2012-06-02 22:19 . 2012-06-08 23:03 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-08 23:03 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-08 23:03 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-08 23:03 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-08 23:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-08 23:03 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-08 23:03 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-08 23:03 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 
2012-06-08 23:03 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-28 22:38 . 2012-05-28 22:38 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-05-25 09:48 . 2012-05-25 09:51 405504 ----a-w- c:\windows\system32\cmdiag.cpl 2012-05-25 09:48 . 2010-03-31 17:10 97792 ----a-w- c:\windows\system32\drivers\cxbu0wdm.sys 2012-05-25 09:48 . 2012-05-25 09:51 241664 ----a-w- c:\windows\system32\cmabout.dll 2012-05-25 09:48 . 2010-03-31 17:10 65536 ----a-w- c:\windows\system32\chksvrn.dll 2012-05-25 09:48 . 2010-03-31 17:10 35712 ----a-w- c:\windows\system32\drivers\a38usb.sys 2012-05-25 09:48 . 2010-03-31 17:10 110592 ----a-w- c:\windows\system32\usbr38.dll 2012-05-23 16:50 . 2012-07-01 12:14 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-05-23 16:49 . 2012-05-23 16:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-05-23 16:49 . 2012-05-23 16:49 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-05-23 16:49 . 2012-05-23 16:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-05-23 16:49 . 
2012-05-23 16:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-05-23 16:49 . 2012-05-23 16:49 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-05-23 16:49 . 2012-05-23 16:49 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-05-23 16:49 . 2012-05-23 16:49 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-05-23 16:49 . 2012-05-23 16:49 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-05-23 16:49 . 2012-07-01 12:13 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2012-05-23 16:49 . 2012-07-01 12:13 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2012-05-23 16:49 . 2012-07-01 12:13 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-05-21 09:06 . 2012-05-21 09:06 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-21 09:06 . 2012-05-21 09:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-21 09:06 . 2012-05-21 09:06 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-21 09:06 . 2012-05-21 09:06 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-21 09:06 . 2012-05-21 09:06 161792 ----a-w- c:\windows\system32\msls31.dll 2012-05-21 09:06 . 2012-05-21 09:06 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-05-21 09:06 . 2012-05-21 09:06 367104 ----a-w- c:\windows\system32\html.iec 2012-05-21 09:06 . 
2012-05-21 09:06 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-05-21 09:06 . 2012-05-21 09:06 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-21 09:06 . 2012-05-21 09:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-05-21 09:06 . 2012-05-21 09:06 152064 ----a-w- c:\windows\system32\wextract.exe 2012-05-21 09:06 . 2012-05-21 09:06 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-05-21 09:06 . 2012-05-21 09:06 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-05-21 09:06 . 2012-05-21 09:06 11776 ----a-w- c:\windows\system32\mshta.exe 2012-05-21 09:06 . 2012-05-21 09:06 101888 ----a-w- c:\windows\system32\admparse.dll 2012-05-21 09:06 . 2012-05-21 09:06 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-21 09:04 . 2012-05-21 09:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2012-05-21 09:04 . 2012-05-21 09:04 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2012-05-21 09:04 . 2012-05-21 09:04 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2012-05-21 09:04 . 2012-05-21 09:04 2873344 ----a-w- c:\windows\system32\mf.dll 2012-05-21 09:04 . 2012-05-21 09:04 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2012-05-21 09:04 . 2012-05-21 09:04 98816 ----a-w- c:\windows\system32\mfps.dll 2012-05-21 09:04 . 2012-05-21 09:04 586240 ----a-w- c:\windows\system32\stobject.dll 2012-05-21 09:04 . 2012-05-21 09:04 209920 ----a-w- c:\windows\system32\mfplat.dll 2012-05-21 09:04 . 2012-05-21 09:04 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2012-05-21 09:04 . 2012-05-21 09:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2012-05-21 09:04 . 2012-05-21 09:04 847360 ----a-w- c:\windows\system32\OpcServices.dll 2012-05-21 09:04 . 2012-05-21 09:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2012-05-21 09:04 . 2012-05-21 09:04 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2012-05-21 09:04 . 2012-05-21 09:04 478720 ----a-w- c:\windows\system32\dxgi.dll 2012-05-21 09:04 . 
2012-05-21 09:04 37376 ----a-w- c:\windows\system32\cdd.dll 2012-05-21 09:04 . 2012-05-21 09:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2012-05-21 09:04 . 2012-05-21 09:04 258048 ----a-w- c:\windows\system32\winspool.drv 2012-05-21 09:04 . 2012-05-21 09:04 189952 ----a-w- c:\windows\system32\d3d10core.dll 2012-05-21 09:04 . 2012-05-21 09:04 1029120 ----a-w- c:\windows\system32\d3d10.dll 2012-05-21 09:04 . 2012-05-21 09:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2012-05-21 09:03 . 2012-05-21 09:03 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui 2012-05-21 09:03 . 2012-05-21 09:03 519680 ----a-w- c:\windows\system32\d3d11.dll 2012-05-21 09:03 . 2012-05-21 09:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2012-05-21 09:03 . 2012-05-21 09:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2012-05-21 09:03 . 2012-05-21 09:03 252928 ----a-w- c:\windows\system32\dxdiag.exe 2012-05-21 09:03 . 2012-05-21 09:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2012-05-21 09:03 . 2012-05-21 09:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2012-05-21 09:03 . 2012-05-21 09:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2012-05-21 08:55 . 2011-07-22 09:28 145496 ----a-w- c:\windows\system32\drivers\jmcr.sys 2012-05-21 08:55 . 2010-07-27 08:08 203352 ----a-w- c:\windows\system32\jmcricon.dll 2012-05-20 10:08 . 2012-05-20 10:14 8192 ----a-w- c:\windows\system32\E_DCINST.DLL 2012-05-20 10:08 . 2012-05-20 10:14 93696 ----a-w- c:\windows\system32\E_FLBGBU.DLL 2012-05-20 10:08 . 2012-05-20 10:14 63488 ----a-w- c:\windows\system32\E_FD4BGBU.DLL 2012-05-19 19:33 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2012-04-21 01:18 . 2012-05-17 08:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-06-08 958392] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 07:10] . 
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1268758224-1715684519-2487069822-1000Core.job - c:\users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 13:27] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1268758224-1715684519-2487069822-1000UA.job - c:\users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 13:27] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7doublv4.default\ FF - prefs.js: browser.startup.homepage - Google FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bba82319e-0319-4145-8a14-05c94f76f360%7D&mid=44317810916d47d0aae6d16acd884181-08fabc3337ae923e024d3bfe6e5874cb96fd9dcf&ds=AVG&v=12.1.0.20&lang=nl&pr=pr&d=2012-07-23%2001%3A38%3A21&sap=ku&q= FF - user.js: extentions.y2layers.installId - 078e300a-c5b1-4fd1-82a4-df6dda77e9b0 FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyIxk1sHG&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 0c5e676900000000000000216b11ca84 FF - user.js: extensions.incredibar_i.instlDay - 15541 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:23 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp 
- none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyIxk1sHG FF - user.js: extensions.incredibar_i.upn2n - 92261789192061724 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10658 FF - user.js: extensions.incredibar_i.ppd - user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe AddRemove-LSI Soft Modem - c:\windows\agrsmdel AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe 
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-02 23:51 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WLANExt.exe c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Nero\Update\NASvc.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\windows\system32\WUDFHost.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\Enigma Software Group\SpyHunter\Spyhunter4.exe c:\windows\system32\conime.exe c:\windows\system32\WerCon.exe c:\program files\iPod\bin\iPodService.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe c:\windows\system32\SLUI.exe . ************************************************************************** . Voltooingstijd: 2012-08-02 23:56:13 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-02 21:55 . Pre-Run: 43.665.506.304 bytes beschikbaar Post-Run: 45.211.398.144 bytes beschikbaar . - - End Of File - - 566807885D68FAF12C0C3AD1710633F4
  6. Hello, recently I have been plagued by this toolbar in all my browsers (Internet Explorer, Firefox and Google Chrome). I have already tried a few things to remove Incredibar from my PC, but the only thing I managed was to keep my homepage; as soon as I open a new tab it is back again. I read in discussions that you have experience with this problem... so I hope you will be able to help me too. I currently use SpyHunter and AVG against malware/viruses. Thanks in advance!
     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:06:39, on 1/08/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Users\Jan\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page 
= http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
-- End of file - 7866 bytes
xsacrax