bijlagen downloaden

[kape]

Dan mag je besluiten dat Internet Explorer de boosdoener was.

Voor de rest gaan we wat dieper kijken. Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[AnnieW]

Oke, daar is ie dan...........

ComboFix 12-06-15.02 - Annie Wissink 15-06-2012 17:41:59.1.2 - x86

Gestart vanuit: C:\Users\Annie Wissink\Downloads\ComboFix.exe

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Complitly

C:\Program Files\Complitly\chrome\ComplitlyChrome.crx

C:\Program Files\Complitly\FireFoxExtensionWithFF8Fix.exe

C:\Program Files\Complitly\FireFoxUninstaller.exe

C:\Program Files\Complitly\InstTracker.exe

C:\Program Files\Complitly\support@Complitly.com\chrome.manifest

C:\Program Files\Complitly\support@Complitly.com\chrome\content\appIcon.png

C:\Program Files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul

C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.js

C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.xul

C:\Program Files\Complitly\support@Complitly.com\chrome\content\utils.js

C:\Program Files\Complitly\support@Complitly.com\defaults\preferences\predictad.js

C:\Program Files\Complitly\support@Complitly.com\install.rdf

C:\Program Files\Complitly\System.Data.SQLite.dll

C:\Program Files\Complitly\unins000.dat

C:\Program Files\Complitly\unins000.exe

C:\Program Files\mbam-setup-1.61.0.1400.exe

C:\Users\Annie Wissink\AppData\Local\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll

C:\Users\Annie Wissink\AppData\Roaming\.#

C:\Users\Annie Wissink\Favorites\mxfilerelatedcache.mxc2

C:\Users\ANNIEW~1\AppData\Local\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll

C:\Windows\iun6002.exe

C:\Windows\system32\muzapp.exe

C:\Windows\unin0413.exe

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-15 to 2012-06-15 ))))))))))))))))))))))))))))))

2012-06-15 15:57:32 . 2012-06-15 15:57:32 -------- d-----w- C:\Users\McAfeeMVSUser\AppData\Local\temp

2012-06-15 15:57:32 . 2012-06-15 15:57:32 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-06-15 11:58:13 . 2012-06-11 19:00:58 388608 ----a-w- C:\Program Files\HijackThis.exe

2012-06-15 11:45:06 . 2012-06-15 11:45:06 -------- d-----w- C:\Users\Annie Wissink\AppData\Roaming\Malwarebytes

2012-06-15 11:44:59 . 2012-06-15 11:44:59 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-15 11:44:58 . 2012-06-15 11:45:03 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2012-06-15 11:44:58 . 2012-04-04 13:56:40 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-06-13 11:20:54 . 2012-04-23 16:00:53 984064 ----a-w- C:\Windows\system32\crypt32.dll

2012-06-13 11:20:54 . 2012-04-23 16:00:53 133120 ----a-w- C:\Windows\system32\cryptsvc.dll

2012-06-13 11:20:53 . 2012-04-23 16:00:53 98304 ----a-w- C:\Windows\system32\cryptnet.dll

2012-06-13 11:19:30 . 2012-05-15 19:51:08 2045440 ----a-w- C:\Windows\system32\win32k.sys

2012-06-13 11:19:27 . 2012-05-01 14:03:49 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys

2012-06-11 10:31:22 . 2012-06-11 19:14:44 -------- d-----w- C:\HiJackThis

2012-06-10 19:46:59 . 2012-06-10 19:46:59 -------- d-----w- C:\Program Files\Common Files\Java

2012-06-10 18:24:02 . 2012-06-10 18:24:02 -------- d-----w- C:\ProgramData\Ask

2012-06-10 18:23:22 . 2012-06-10 18:23:06 476960 ----a-w- C:\Windows\system32\npdeployJava1.dll

2012-06-07 13:40:21 . 2012-06-07 13:40:21 -------- d-----w- C:\Users\Annie Wissink\AppData\Local\AVG Secure Search

2012-05-27 17:46:31 . 2012-05-27 18:54:56 -------- d-----w- C:\Users\Annie Wissink\AppData\Roaming\Apple Computer

2012-05-27 17:46:31 . 2012-05-27 17:46:31 -------- d-----w- C:\Users\Annie Wissink\AppData\Local\Apple Computer

2012-05-27 17:46:05 . 2009-05-18 11:17:00 26600 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys

2012-05-27 17:46:05 . 2008-04-17 10:12:54 107368 ----a-w- C:\Windows\system32\GEARAspi.dll

2012-05-27 17:44:27 . 2012-05-27 17:44:28 -------- d-----w- C:\Program Files\iPod

2012-05-27 17:44:24 . 2012-05-27 17:46:00 -------- d-----w- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-05-27 17:44:24 . 2012-05-27 17:46:00 -------- d-----w- C:\Program Files\iTunes

2012-05-27 17:44:24 . 2012-05-27 17:44:24 -------- d-----w- C:\ProgramData\Apple Computer

2012-05-27 17:42:53 . 2012-05-27 17:42:53 -------- d-----w- C:\Users\Annie Wissink\AppData\Local\Apple

2012-05-27 17:42:30 . 2012-05-27 17:42:32 -------- d-----w- C:\Program Files\Apple Software Update

2012-05-27 17:39:49 . 2012-05-27 17:39:51 -------- d-----w- C:\Program Files\Bonjour

2012-05-27 17:39:21 . 2012-05-27 17:44:25 -------- d-----w- C:\Program Files\Common Files\Apple

2012-05-27 17:39:21 . 2012-05-27 17:42:15 -------- d-----w- C:\ProgramData\Apple

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-10 18:23:06 . 2010-05-31 20:37:41 472864 ----a-w- C:\Windows\system32\deployJava1.dll

2012-05-08 16:40:12 . 2012-06-12 15:12:38 6737808 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D3ED44E-94DA-4ED4-B578-62CD1D2A2288}\mpengine.dll

2012-04-19 02:50:26 . 2012-04-19 02:50:26 24896 ----a-w- C:\Windows\system32\drivers\avgidshx.sys

2012-04-03 08:16:12 . 2012-05-10 16:10:33 3602816 ----a-w- C:\Windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 . 2012-05-10 16:10:33 3550080 ----a-w- C:\Windows\system32\ntoskrnl.exe

2012-03-30 12:39:11 . 2012-05-10 16:10:56 905600 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2012-03-20 23:28:50 . 2012-05-10 16:10:58 53120 ----a-w- C:\Windows\system32\drivers\partmgr.sys

2012-03-19 03:17:28 . 2012-03-19 03:17:28 301248 ----a-w- C:\Windows\system32\drivers\avgtdix.sys

2012-06-01 15:38:43 . 2012-06-15 14:37:31 85472 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

2010-06-19 16:08:16 . 2009-12-15 22:48:46 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-07 13:39:43 2068536 ----a-w- C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 13:39:43 2068536]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-14 16:05:06 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]

"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-10-01 10:58:12 107864]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

"Olympus ib"="C:\Program Files\Olympus\ib\olycamdetect.exe" [2011-03-11 14:17:30 93360]

"AdobeBridge"="C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 02:28:26 11989960]

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2012-03-06 22:36:32 943504]

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-02 17:18:30 21416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 18:08:40 1049896]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 20:42:36 34040]

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 14:30:14 147456]

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 14:30:20 167936]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 13:18:02 167936]

"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 21:52:52 6183456]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 09:56:18 200704]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 16:05:22 526896]

"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 09:22:16 409600]

"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 08:03:46 303104]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 16:08:16 30192]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-12-06 23:22:21 77824]

"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 12:40:00 83336]

"MDS_Menu"="C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 10:43:42 220336]

"Olympus ib"="C:\Program Files\Olympus\ib\olycamdetect.exe" [2011-03-11 14:17:30 93360]

"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 01:44:40 500208]

"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 02:57:06 406992]

"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 16:36:46 30040]

"AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe" [2012-04-05 03:12:34 2587008]

"vProt"="C:\Program Files\AVG Secure Search\vprot.exe" [2012-06-07 13:39:43 1104440]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 09:07:56 843712]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-10-13 11:15:30 138008]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-10-13 11:15:18 171288]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-10-13 11:15:22 172824]

"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 22:36:32 3508624]

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 19:28:32 59240]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-03-27 03:09:24 421736]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 14:03:34 4283256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - FSUSBEXDISK

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

2011-05-30 21:06:45 114176 ----a-w- C:\Windows\System32\advpack.dll

Inhoud van de 'Gedeelde Taken' map

2012-06-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10:48 . 2010-01-23 13:10:28]

2012-06-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10:48 . 2010-01-23 13:10:28]

------- Bijkomende Scan -------

uStart Page = hxxp://www.wervershoofsemolen.nl/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - C:\Users\Annie Wissink\AppData\Roaming\Mozilla\Firefox\Profiles\ekyvkqh7.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111805&babsrc=HP_ss&mntrId=240e99d10000000000000017c43ab89c

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B682a7e0a-fe65-41c8-9e5d-043d92341ca5%7D&mid=06cd3814270c47d69118d154342a7345-6dd2d4ae5848ffdb6c44e749268c1cccaec30abd&ds=AVG&v=11.1.0.7〈=nl&pr=pr&d=2012-06-07%2015%3A39%3A49&sap=ku&q=

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

FF - user.js: extensions.BabylonToolbar_i.id - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.hardId - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15462

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:07:48

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{C0D70ED8-D984-40C3-9666-8939CE76EA13} - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{575BDDF5-790A-4D01-A37D-2863DEC1C085} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

HKCU-Run-Samsung_AppInst - F:\SamsungSoftware\AppInst.exe

HKCU-Run-YouSendIt.exe - C:\Program Files\YouSendIt\Express\YouSendIt.exe

AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - C:\Program Files\Complitly\unins000.exe

AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - C:\Program Files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - C:\Program Files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - C:\Program Files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - C:\Program Files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - C:\Program Files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - C:\Program Files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - C:\Program Files\Samsung\USB Drivers\25_escape\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-15 18:02:26

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Samsung_AppInst = F:\SamsungSoftware\AppInst.exe????????p???????????????t???????????????????????????????????????????????????????????????????????????

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl"

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(5420)

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtShell.dll

C:\PROGRA~1\Clarus\SAMSUN~1\SHCONT~1.DLL

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll

------------------------ Andere Aktieve Processen ------------------------

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Windows\system32\FsUsbExService.Exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\conime.exe

C:\Windows\servicing\TrustedInstaller.exe

**************************************************************************

Voltooingstijd: 2012-06-15 18:11:20 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-15 16:11:15

Pre-Run: 39.143.006.208 bytes beschikbaar

Post-Run: 39.115.816.960 bytes beschikbaar

15 juni 2012 aangepast door kape

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

C:\ProgramData\Ask

C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

Firefox::

FF - ProfilePath - C:\Users\Annie Wissink\AppData\Roaming\Mozilla\Firefox\Profiles\ekyvkqh7.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

FF - user.js: extensions.BabylonToolbar_i.id - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.hardId - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15462

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:07:48

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

[AnnieW]

Ik heb het bovenstaande bestand opgeslagen in Kladblok op het Bureaublad maar ik heb geen bestand ComboFix.exe maar PEV.exe en het lukt me niet om dat txt.bestand daar in te slepen.

[AnnieW]

Ik heb ComboFix.exe de 1e keer na downloaden niet opgeslagen op mijn bureaublad, dat zal de reden zijn denkl ik. Ik heb het nu opnieuw gedownload en alsnog op het bureaublad gezet en het CFScript.txt er naar toe gesleept. Hij starte wel op maar gaf een melding die ik niet goed kon zie

---------- Post toegevoegd om 19:38 ---------- Vorige post was om 19:37 ----------

.....kon zien en daarna stopte het programma er mee. Ik heb nu ComboFix opnieuw opgestart en nu is ie weer bezig om de computer te scannen. Gaat dit nu nog steeds goed of heb ik alles verknald????

[AnnieW]

Hierbij de resultatenvan de opnieuw gemaakte scan in ComboFix

ComboFix 12-06-15.03 - Annie Wissink 15-06-2012 19:32:43.2.2 - x86

Gestart vanuit: C:\Users\Annie Wissink\Desktop\ComboFix.exe

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-15 to 2012-06-15 ))))))))))))))))))))))))))))))

2012-06-15 17:46:07 . 2012-06-15 17:50:33 -------- d-----w- C:\Users\Annie Wissink\AppData\Local\temp

2012-06-15 17:46:07 . 2012-06-15 17:46:07 -------- d-----w- C:\Users\McAfeeMVSUser\AppData\Local\temp

2012-06-15 17:46:07 . 2012-06-15 17:46:07 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-06-15 11:58:13 . 2012-06-11 19:00:58 388608 ----a-w- C:\Program Files\HijackThis.exe

2012-06-15 11:45:06 . 2012-06-15 11:45:06 -------- d-----w- C:\Users\Annie Wissink\AppData\Roaming\Malwarebytes

2012-06-15 11:44:59 . 2012-06-15 11:44:59 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-15 11:44:58 . 2012-06-15 11:45:03 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2012-06-15 11:44:58 . 2012-04-04 13:56:40 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-06-13 11:20:54 . 2012-04-23 16:00:53 984064 ----a-w- C:\Windows\system32\crypt32.dll

2012-06-13 11:20:54 . 2012-04-23 16:00:53 133120 ----a-w- C:\Windows\system32\cryptsvc.dll

2012-06-13 11:20:53 . 2012-04-23 16:00:53 98304 ----a-w- C:\Windows\system32\cryptnet.dll

2012-06-13 11:19:30 . 2012-05-15 19:51:08 2045440 ----a-w- C:\Windows\system32\win32k.sys

2012-06-13 11:19:27 . 2012-05-01 14:03:49 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys

2012-06-11 10:31:22 . 2012-06-11 19:14:44 -------- d-----w- C:\HiJackThis

2012-06-10 19:46:59 . 2012-06-10 19:46:59 -------- d-----w- C:\Program Files\Common Files\Java

2012-06-10 18:24:02 . 2012-06-10 18:24:02 -------- d-----w- C:\ProgramData\Ask

2012-06-10 18:23:22 . 2012-06-10 18:23:06 476960 ----a-w- C:\Windows\system32\npdeployJava1.dll

2012-06-07 13:40:21 . 2012-06-07 13:40:21 -------- d-----w- C:\Users\Annie Wissink\AppData\Local\AVG Secure Search

2012-05-27 17:46:31 . 2012-05-27 18:54:56 -------- d-----w- C:\Users\Annie Wissink\AppData\Roaming\Apple Computer

2012-05-27 17:46:31 . 2012-05-27 17:46:31 -------- d-----w- C:\Users\Annie Wissink\AppData\Local\Apple Computer

2012-05-27 17:46:05 . 2009-05-18 11:17:00 26600 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys

2012-05-27 17:46:05 . 2008-04-17 10:12:54 107368 ----a-w- C:\Windows\system32\GEARAspi.dll

2012-05-27 17:44:27 . 2012-05-27 17:44:28 -------- d-----w- C:\Program Files\iPod

2012-05-27 17:44:24 . 2012-05-27 17:46:00 -------- d-----w- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-05-27 17:44:24 . 2012-05-27 17:46:00 -------- d-----w- C:\Program Files\iTunes

2012-05-27 17:44:24 . 2012-05-27 17:44:24 -------- d-----w- C:\ProgramData\Apple Computer

2012-05-27 17:42:53 . 2012-05-27 17:42:53 -------- d-----w- C:\Users\Annie Wissink\AppData\Local\Apple

2012-05-27 17:42:30 . 2012-05-27 17:42:32 -------- d-----w- C:\Program Files\Apple Software Update

2012-05-27 17:39:49 . 2012-05-27 17:39:51 -------- d-----w- C:\Program Files\Bonjour

2012-05-27 17:39:21 . 2012-05-27 17:44:25 -------- d-----w- C:\Program Files\Common Files\Apple

2012-05-27 17:39:21 . 2012-05-27 17:42:15 -------- d-----w- C:\ProgramData\Apple

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-10 18:23:06 . 2010-05-31 20:37:41 472864 ----a-w- C:\Windows\system32\deployJava1.dll

2012-05-08 16:40:12 . 2012-06-12 15:12:38 6737808 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D3ED44E-94DA-4ED4-B578-62CD1D2A2288}\mpengine.dll

2012-04-19 02:50:26 . 2012-04-19 02:50:26 24896 ----a-w- C:\Windows\system32\drivers\avgidshx.sys

2012-04-03 08:16:12 . 2012-05-10 16:10:33 3602816 ----a-w- C:\Windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 . 2012-05-10 16:10:33 3550080 ----a-w- C:\Windows\system32\ntoskrnl.exe

2012-03-30 12:39:11 . 2012-05-10 16:10:56 905600 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2012-03-20 23:28:50 . 2012-05-10 16:10:58 53120 ----a-w- C:\Windows\system32\drivers\partmgr.sys

2012-03-19 03:17:28 . 2012-03-19 03:17:28 301248 ----a-w- C:\Windows\system32\drivers\avgtdix.sys

2012-06-01 15:38:43 . 2012-06-15 14:37:31 85472 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

2010-06-19 16:08:16 . 2009-12-15 22:48:46 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-07 13:39:43 2068536 ----a-w- C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 13:39:43 2068536]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-14 16:05:06 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]

"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-10-01 10:58:12 107864]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

"Olympus ib"="C:\Program Files\Olympus\ib\olycamdetect.exe" [2011-03-11 14:17:30 93360]

"AdobeBridge"="C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 02:28:26 11989960]

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2012-03-06 22:36:32 943504]

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-02 17:18:30 21416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 18:08:40 1049896]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 20:42:36 34040]

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 14:30:14 147456]

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 14:30:20 167936]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 13:18:02 167936]

"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 21:52:52 6183456]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 09:56:18 200704]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 16:05:22 526896]

"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 09:22:16 409600]

"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 08:03:46 303104]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 16:08:16 30192]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-12-06 23:22:21 77824]

"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 12:40:00 83336]

"MDS_Menu"="C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 10:43:42 220336]

"Olympus ib"="C:\Program Files\Olympus\ib\olycamdetect.exe" [2011-03-11 14:17:30 93360]

"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 01:44:40 500208]

"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 02:57:06 406992]

"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 16:36:46 30040]

"AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe" [2012-04-05 03:12:34 2587008]

"vProt"="C:\Program Files\AVG Secure Search\vprot.exe" [2012-06-07 13:39:43 1104440]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 09:07:56 843712]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-10-13 11:15:30 138008]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-10-13 11:15:18 171288]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-10-13 11:15:22 172824]

"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 22:36:32 3508624]

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 19:28:32 59240]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-03-27 03:09:24 421736]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 14:03:34 4283256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

2011-05-30 21:06:45 114176 ----a-w- C:\Windows\System32\advpack.dll

Inhoud van de 'Gedeelde Taken' map

2012-06-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10:48 . 2010-01-23 13:10:28]

2012-06-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-23 13:10:48 . 2010-01-23 13:10:28]

------- Bijkomende Scan -------

uStart Page = hxxp://www.wervershoofsemolen.nl/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - C:\Users\Annie Wissink\AppData\Roaming\Mozilla\Firefox\Profiles\ekyvkqh7.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111805&babsrc=HP_ss&mntrId=240e99d10000000000000017c43ab89c

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B682a7e0a-fe65-41c8-9e5d-043d92341ca5%7D&mid=06cd3814270c47d69118d154342a7345-6dd2d4ae5848ffdb6c44e749268c1cccaec30abd&ds=AVG&v=11.1.0.7〈=nl&pr=pr&d=2012-06-07%2015%3A39%3A49&sap=ku&q=

user_pref('extensions.dealply.partner', 'vita');

user_pref('extensions.dealply.channel', 'vitadownloadsoft');

user_pref('extensions.dealply.installId', 'v23500247419457494676952012050217072409');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

FF - user.js: extensions.BabylonToolbar_i.id - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.hardId - 240e99d10000000000000017c43ab89c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15462

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:07:48

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

[kape]

Hiermee heb je gewoon Combofix terug opgestart. Bedoeling is dat je het scriptje IN de rode snelkoppeling van Combofix sleept om het progje opnieuw te doen opstarten en de fouten te laten verbeteren. Wil je het nog eens op die manier doen en dan een nieuw logje van Combofix plaatsen ?

[AnnieW]

Hoi

Ik heb het opnieuw gedaan en Combofix startte wel automatisch op maar liep vast na een tijdje. Ik heb dus geen logbestand. Wat nu te doen? Kan ik het programma Combofix eerst verwijderen incl. alles wat in die directory nu staat en daarna opnieuw installeren en opnieuw proberen of maak ik het daarmee alleen maar erger?? Inmiddels krijg ik in Firefox ook een foutmelding en kan ik weer niet op het internet komen met mijn laptop......

[kape]

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall en dan zou je het opnieuw moeten kunnen downloaden (indien je internet het toelaat ?).

[AnnieW]

Opdracht uitgevoerd zoals je aangaf. Dat gaf geen problemen. Er werd weer een logbestand gemaakt dat ik heb opgeslagen. Via mijn andere PC Combofix.exe weer gedownload en op USB gezet en gekopieerd naar mijn bureaublad op de laptop tesamen met CFScript.txt. Maar als ik dat bestandje nu wil slepen naar de rode snelkoppeling van Combofix krijg ik de melding:

C:\Users\AnnieWissink\Desktop\ComboFix.exe Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.

Heb het programma nog een keer gekopieerd naar het bureaublad onder Combifix2.exe en nog eens geprobeerd maar weer dezelfde melding. Ik weet het niet meer maar ik ben er wel goed ziek van..........