
Downloading attachments


AnnieW


This looks tidy again. Now first create a new restore point ... because the next step is a new run of Combofix. With that new restore point you can go back to today's situation (with the errors from HijackThis already corrected).

Edited by kape

ComboFix 12-06-23.05 - Annie Wissink 24-06-2012 0:11.1.2 - x86

Gestart vanuit: c:\users\Annie Wissink\Desktop\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Complitly

c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe

c:\program files\Complitly\FireFoxUninstaller.exe

c:\program files\Complitly\InstTracker.exe

c:\program files\Complitly\support@Complitly.com\chrome.manifest

c:\program files\Complitly\support@Complitly.com\chrome\content\options.js

c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js

c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js

c:\program files\Complitly\System.Data.SQLite.dll

c:\program files\Complitly\unins000.exe

c:\program files\DealPly

c:\program files\DealPly\DealPlyTune.dll

c:\users\Annie Wissink\AppData\Local\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll

c:\users\ANNIEW~1\AppData\Local\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll

c:\windows\unin0413.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))

.

.

2012-06-22 21:06 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-22 20:01 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 20:01 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 20:01 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 20:01 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 19:59 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 19:59 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 19:59 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 19:59 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 19:59 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 21:41 . 2012-06-22 19:47 -------- d-----w- c:\program files\AVG Secure Search

2012-06-20 21:29 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-20 21:29 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-20 21:29 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-20 21:26 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-20 21:26 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-17 12:50 . 2012-06-20 19:24 -------- d-----w- c:\users\Annie Wissink\AppData\Local\Temp(326)

2012-06-17 12:50 . 2012-06-17 12:50 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\Temp(348)

2012-06-15 11:45 . 2012-06-15 11:45 -------- d-----w- c:\users\Annie Wissink\AppData\Roaming\Malwarebytes

2012-06-15 11:44 . 2012-06-15 11:44 -------- d-----w- c:\programdata\Malwarebytes

2012-06-15 11:44 . 2012-06-22 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-11 10:31 . 2012-06-11 19:14 -------- d-----w- C:\HiJackThis

2012-06-10 19:46 . 2012-06-10 19:46 -------- d-----w- c:\program files\Common Files\Java(148)

2012-06-10 18:24 . 2012-06-10 18:24 -------- d-----w- c:\programdata\Ask

2012-06-07 13:40 . 2012-06-07 13:40 -------- d-----w- c:\users\Annie Wissink\AppData\Local\AVG Secure Search

2012-05-27 17:46 . 2012-05-27 18:54 -------- d-----w- c:\users\Annie Wissink\AppData\Roaming\Apple Computer

2012-05-27 17:46 . 2012-05-27 17:46 -------- d-----w- c:\users\Annie Wissink\AppData\Local\Apple Computer

2012-05-27 17:46 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-05-27 17:46 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-05-27 17:44 . 2012-05-27 17:44 -------- d-----w- c:\program files\iPod

2012-05-27 17:44 . 2012-05-27 17:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-05-27 17:44 . 2012-05-27 17:46 -------- d-----w- c:\program files\iTunes

2012-05-27 17:44 . 2012-05-27 17:44 -------- d-----w- c:\programdata\Apple Computer

2012-05-27 17:42 . 2012-05-27 17:42 -------- d-----w- c:\users\Annie Wissink\AppData\Local\Apple

2012-05-27 17:42 . 2012-06-20 21:00 -------- d-----w- c:\program files\Apple Software Update

2012-05-27 17:39 . 2012-05-27 17:39 -------- d-----w- c:\program files\Bonjour

2012-05-27 17:39 . 2012-05-27 17:44 -------- d-----w- c:\program files\Common Files\Apple

2012-05-27 17:39 . 2012-05-27 17:42 -------- d-----w- c:\programdata\Apple

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-18 01:14 . 2012-06-20 22:12 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7D640DB-89CF-4790-97DA-024AAD010ED1}\mpengine.dll

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-03 08:16 . 2012-05-10 16:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-10 16:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-10 16:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-06-19 16:08 . 2009-12-15 22:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-22 19:45 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-22 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-10-01 107864]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Samsung_AppInst"="f:\samsungsoftware\AppInst.exe" [bU]

"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [bU]

"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]

"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-06 943504]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-02 21416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]

"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-06 77824]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]

"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-22 1104440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

2011-05-30 21:06 114176 ----a-w- c:\windows\System32\advpack.dll

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 13:09]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - c:\users\Annie Wissink\AppData\Roaming\Mozilla\Firefox\Profiles\ekyvkqh7.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000&barid={D8A43D28-1877-48FF-8A2F-14A46DBFD3AE}

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&babsrc=adbartrp&mntrId=240e99d10000000000000017c43ab89c&q=

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

FF - user.js: extensions.BabylonToolbar_i.id - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.hardId - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15462

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{C0D70ED8-D984-40C3-9666-8939CE76EA13} - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{575BDDF5-790A-4D01-A37D-2863DEC1C085} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-24 00:30

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Samsung_AppInst = f:\samsungsoftware\AppInst.exe????????p???????????????t???????????????????????????????????????????????????????????????????????????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3412)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll

c:\program files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtShell.dll

c:\progra~1\Clarus\SAMSUN~1\SHCONT~1.DLL

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\AVG\AVG2012\avgwdsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files\Acer\Empowering Technology\Service\ETService.exe

c:\windows\system32\FsUsbExService.Exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\AVG\AVG2012\AVGIDSAgent.exe

c:\windows\system32\WUDFHost.exe

c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\conime.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Internet Explorer\IELowutil.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\sdclt.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-24 00:38:53 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-23 22:38

ComboFix2.txt 2012-06-17 12:50

ComboFix3.txt 2012-06-15 16:12

.

Pre-Run: 42.928.287.744 bytes beschikbaar

Post-Run: 42.680.414.208 bytes beschikbaar

.

- - End Of File - - 9A0A5E6BB392B1C760FD42F28A635921


Once again, before you start on the next step, first create a new restore point. Then you can return to it again if any problems occur.

Open a new Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\users\Annie Wissink\AppData\Local\Temp(326)

c:\users\McAfeeMVSUser\AppData\Local\Temp(348)

c:\programdata\Ask

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

Firefox::

FF - ProfilePath - c:\users\Annie Wissink\AppData\Roaming\Mozilla\Firefox\Profiles\ekyvkqh7.default\

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000&barid={D8A43D28-1877-48FF-8A2F-14A46DBFD3AE}

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&babsrc=adbartrp&mntrId=240e99d10000000000000017c43ab89c&q=

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

FF - user.js: extensions.BabylonToolbar_i.id - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.hardId - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15462

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message

Edited by kape
restore point

I hope it went well, because after I had dragged the txt script into Combofix.exe it indicated that there was an update of the program, and I then pressed yes, after which Combofix started up again. See the log file below:

ComboFix 12-06-24.03 - Annie Wissink 24-06-2012 21:09:00.2.2 - x86

Gestart vanuit: c:\users\Annie Wissink\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Annie Wissink\Desktop\CFScript.txt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DIFxAPI.dll

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DIFxInstallLog.txt

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\GEARAspiWDM.inf

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\gearaspiwdmx86.cat

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspi.dll

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspiWDM.sys

c:\programdata\Ask

c:\users\Annie Wissink\AppData\Local\Temp(326)

c:\users\Annie Wissink\AppData\Local\Temp(326)\Annie Wissink.bmp

c:\users\Annie Wissink\AppData\Local\Temp(326)\eDatasecurity\FileList.txt

c:\users\McAfeeMVSUser\AppData\Local\Temp(348)

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-24 to 2012-06-24 ))))))))))))))))))))))))))))))

.

.

2012-06-24 19:22 . 2012-06-24 19:23 -------- d-----w- c:\users\Annie Wissink\AppData\Local\temp

2012-06-24 19:22 . 2012-06-24 19:22 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp

2012-06-24 19:22 . 2012-06-24 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-22 21:06 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-22 20:01 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 20:01 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 20:01 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 20:01 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 19:59 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 19:59 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 19:59 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 19:59 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 19:59 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 22:12 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7D640DB-89CF-4790-97DA-024AAD010ED1}\mpengine.dll

2012-06-20 21:41 . 2012-06-22 19:47 -------- d-----w- c:\program files\AVG Secure Search

2012-06-20 21:29 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-20 21:29 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-20 21:29 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-20 21:26 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-20 21:26 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-15 11:45 . 2012-06-15 11:45 -------- d-----w- c:\users\Annie Wissink\AppData\Roaming\Malwarebytes

2012-06-15 11:44 . 2012-06-15 11:44 -------- d-----w- c:\programdata\Malwarebytes

2012-06-15 11:44 . 2012-06-22 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-11 10:31 . 2012-06-11 19:14 -------- d-----w- C:\HiJackThis

2012-06-10 19:46 . 2012-06-10 19:46 -------- d-----w- c:\program files\Common Files\Java(148)

2012-06-07 13:40 . 2012-06-07 13:40 -------- d-----w- c:\users\Annie Wissink\AppData\Local\AVG Secure Search

2012-05-27 17:46 . 2012-05-27 18:54 -------- d-----w- c:\users\Annie Wissink\AppData\Roaming\Apple Computer

2012-05-27 17:46 . 2012-05-27 17:46 -------- d-----w- c:\users\Annie Wissink\AppData\Local\Apple Computer

2012-05-27 17:46 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-05-27 17:46 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-05-27 17:44 . 2012-05-27 17:44 -------- d-----w- c:\program files\iPod

2012-05-27 17:44 . 2012-05-27 17:46 -------- d-----w- c:\program files\iTunes

2012-05-27 17:44 . 2012-05-27 17:44 -------- d-----w- c:\programdata\Apple Computer

2012-05-27 17:42 . 2012-05-27 17:42 -------- d-----w- c:\users\Annie Wissink\AppData\Local\Apple

2012-05-27 17:42 . 2012-06-20 21:00 -------- d-----w- c:\program files\Apple Software Update

2012-05-27 17:39 . 2012-05-27 17:39 -------- d-----w- c:\program files\Bonjour

2012-05-27 17:39 . 2012-05-27 17:44 -------- d-----w- c:\program files\Common Files\Apple

2012-05-27 17:39 . 2012-05-27 17:42 -------- d-----w- c:\programdata\Apple

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-03 08:16 . 2012-05-10 16:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-10 16:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-10 16:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-06-19 16:08 . 2009-12-15 22:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-22 19:45 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-22 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-10-01 107864]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Samsung_AppInst"="f:\samsungsoftware\AppInst.exe" [bU]

"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [bU]

"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]

"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-06 943504]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-02 21416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]

"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-06 77824]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]

"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-22 1104440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

2011-05-30 21:06 114176 ----a-w- c:\windows\System32\advpack.dll

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 13:09]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10]

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - c:\users\Annie Wissink\AppData\Roaming\Mozilla\Firefox\Profiles\ekyvkqh7.default\

FF - prefs.js: browser.search.defaulturl -

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-24 21:23

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Samsung_AppInst = f:\samsungsoftware\AppInst.exe????????p???????????????t???????????????????????????????????????????????????????????????????????????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-06-24 21:27:06

ComboFix-quarantined-files.txt 2012-06-24 19:27

ComboFix2.txt 2012-06-23 22:38

ComboFix3.txt 2012-06-17 12:50

ComboFix4.txt 2012-06-15 16:12

.

Pre-Run: 42.238.808.064 bytes beschikbaar

Post-Run: 41.581.547.520 bytes beschikbaar

.

- - End Of File - - 316E745C677DFA599AB208C6B5DB551E


Almost there:

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Annie Wissink\AppData\Roaming\Mozilla\Firefox\Profiles\ekyvkqh7.default\

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

DDS::

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will restart ComboFix. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-06-24.03 - Annie Wissink 25-06-2012 9:09.3.2 - x86

Gestart vanuit: c:\users\Annie Wissink\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Annie Wissink\Desktop\CFScript.txt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-25 to 2012-06-25 ))))))))))))))))))))))))))))))

.

.

2012-06-25 07:22 . 2012-06-25 07:22 -------- d-----w- c:\users\Annie Wissink\AppData\Local\temp

2012-06-25 07:22 . 2012-06-25 07:22 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp

2012-06-25 07:22 . 2012-06-25 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-22 21:06 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-22 20:01 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 20:01 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 20:01 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 20:01 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 19:59 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 19:59 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 19:59 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 19:59 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 19:59 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 22:12 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7D640DB-89CF-4790-97DA-024AAD010ED1}\mpengine.dll

2012-06-20 21:41 . 2012-06-22 19:47 -------- d-----w- c:\program files\AVG Secure Search

2012-06-20 21:29 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-20 21:29 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-20 21:29 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-20 21:26 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-20 21:26 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-15 11:45 . 2012-06-15 11:45 -------- d-----w- c:\users\Annie Wissink\AppData\Roaming\Malwarebytes

2012-06-15 11:44 . 2012-06-15 11:44 -------- d-----w- c:\programdata\Malwarebytes

2012-06-15 11:44 . 2012-06-22 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-11 10:31 . 2012-06-11 19:14 -------- d-----w- C:\HiJackThis

2012-06-10 19:46 . 2012-06-10 19:46 -------- d-----w- c:\program files\Common Files\Java(148)

2012-06-07 13:40 . 2012-06-07 13:40 -------- d-----w- c:\users\Annie Wissink\AppData\Local\AVG Secure Search

2012-05-27 17:46 . 2012-05-27 18:54 -------- d-----w- c:\users\Annie Wissink\AppData\Roaming\Apple Computer

2012-05-27 17:46 . 2012-05-27 17:46 -------- d-----w- c:\users\Annie Wissink\AppData\Local\Apple Computer

2012-05-27 17:46 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-05-27 17:46 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-05-27 17:44 . 2012-05-27 17:44 -------- d-----w- c:\program files\iPod

2012-05-27 17:44 . 2012-05-27 17:46 -------- d-----w- c:\program files\iTunes

2012-05-27 17:44 . 2012-05-27 17:44 -------- d-----w- c:\programdata\Apple Computer

2012-05-27 17:42 . 2012-05-27 17:42 -------- d-----w- c:\users\Annie Wissink\AppData\Local\Apple

2012-05-27 17:42 . 2012-06-20 21:00 -------- d-----w- c:\program files\Apple Software Update

2012-05-27 17:39 . 2012-05-27 17:39 -------- d-----w- c:\program files\Bonjour

2012-05-27 17:39 . 2012-05-27 17:44 -------- d-----w- c:\program files\Common Files\Apple

2012-05-27 17:39 . 2012-05-27 17:42 -------- d-----w- c:\programdata\Apple

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-03 08:16 . 2012-05-10 16:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-10 16:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-10 16:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-06-19 16:08 . 2009-12-15 22:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-22 19:45 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-22 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-10-01 107864]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Samsung_AppInst"="f:\samsungsoftware\AppInst.exe" [bU]

"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [bU]

"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]

"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-06 943504]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-02 21416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]

"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-06 77824]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]

"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-22 1104440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

2011-05-30 21:06 114176 ----a-w- c:\windows\System32\advpack.dll

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 13:09]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10]

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - c:\users\Annie Wissink\AppData\Roaming\Mozilla\Firefox\Profiles\ekyvkqh7.default\

FF - prefs.js: browser.search.defaulturl -

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-25 09:22

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Samsung_AppInst = f:\samsungsoftware\AppInst.exe????????p???????????????t???????????????????????????????????????????????????????????????????????????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-06-25 09:26:43

ComboFix-quarantined-files.txt 2012-06-25 07:26

ComboFix2.txt 2012-06-24 19:27

ComboFix3.txt 2012-06-23 22:38

ComboFix4.txt 2012-06-17 12:50

ComboFix5.txt 2012-06-25 07:06

.

Pre-Run: 41.611.091.968 bytes beschikbaar

Post-Run: 41.588.310.016 bytes beschikbaar

.

- - End Of File - - A1A3DF369A8117689D3E0D361290EB82


So most of it is apparently in Chrome and in "Documents". You can certainly delete those. The rest will disappear automatically when we remove Combofix from the PC.

Remove Combofix: Start -> Run/Search and type: ComboFix /Uninstall

This removes Combofix and its related folders and files, resets the clock settings, hides file extensions, hides hidden files and system files again, and creates a new restore point.

If present, you can delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will start automatically, free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Clean". Sometimes one analysis is not enough. You can repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors". After that, close CCleaner again.

If you would like to see this in detail with pictures, click here for the guide.
