Ga naar inhoud

Google Redirects

Lotje D.
 Delen

Aanbevolen berichten

Lotje D. Leerling

Lotje D.

Geplaatst:
  • Auteur
Geplaatst:

ik wordt nog steeds omgeleid als ik googel, zowel op IE, op google chrome als in firefox. Als ik iets wil opzoeken wordt ik steeds naar die pagina's omgeleid, o.a. naar groupon, naar een woordenboek, soms een erotische pagina, enz. meestal komt er vanboven in de adresbalk eerst 'www.ihavenet.com/.......' en dan kom ik op zo'n andere pagina. Om gek van te worden! Het is hetzelfde probleem als bij die meneer waarbij ik in de eerste plaats had gereageerd. Ik hoop dat dit opgelost geraakt :( merci alvast voor het geduld!

Link naar reactie
Delen op andere sites
  • Reacties 38
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Geplaatste afbeeldingen

kape Grootmeester

kape

Geplaatst:
Geplaatst:

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Link naar reactie
Delen op andere sites
Lotje D. Leerling

Lotje D.

Geplaatst:
  • Auteur
Geplaatst:

ComboFix 12-12-27.03 - Lotje 28/12/2012 11:46:53.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4010.2629 [GMT 1:00]

Gestart vanuit: c:\users\Lotje\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\wininit.ini

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-28 ))))))))))))))))))))))))))))))

.

.

2012-12-28 10:52 . 2012-12-28 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-25 11:11 . 2012-12-25 11:11 -------- d-----w- c:\users\Lotje\AppData\Roaming\Malwarebytes

2012-12-25 11:11 . 2012-12-25 11:11 -------- d-----w- c:\programdata\Malwarebytes

2012-12-25 11:11 . 2012-12-25 11:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-25 11:11 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-25 10:47 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-25 10:47 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-25 10:47 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-25 10:47 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-23 14:10 . 2012-12-23 14:09 959976 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-23 14:10 . 2012-12-23 14:09 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-12-23 14:10 . 2012-12-23 14:09 308200 ----a-w- c:\windows\system32\javaws.exe

2012-12-23 14:10 . 2012-12-23 14:09 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-12-23 14:10 . 2012-12-23 14:09 188392 ----a-w- c:\windows\system32\javaw.exe

2012-12-23 14:10 . 2012-12-23 14:09 188392 ----a-w- c:\windows\system32\java.exe

2012-12-23 14:09 . 2012-12-23 14:09 -------- d-----w- c:\program files\Java

2012-12-23 13:59 . 2012-12-23 13:59 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-23 13:32 . 2012-12-23 13:32 -------- d-----w- c:\programdata\McAfee Security Scan

2012-12-23 13:32 . 2012-12-23 13:32 -------- d-----w- c:\programdata\McAfee

2012-12-23 13:32 . 2012-12-23 14:03 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-12-22 11:13 . 2012-12-22 11:13 388096 ----a-r- c:\users\Lotje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-12-22 11:13 . 2012-12-22 11:13 -------- d-----w- c:\program files (x86)\Trend Micro

2012-12-14 14:53 . 2012-12-25 11:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-12-14 14:53 . 2012-12-25 11:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-14 10:54 . 2012-12-14 10:54 -------- d-----w- c:\users\Lotje\AppData\Roaming\AVG2013

2012-12-14 10:52 . 2012-12-14 10:52 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-12-14 10:52 . 2012-12-27 11:54 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-12-14 10:51 . 2012-12-14 10:52 -------- d-----w- c:\programdata\AVG2013

2012-12-14 10:44 . 2012-12-14 10:57 -------- d-----w- c:\users\Lotje\AppData\Local\Avg2013

2012-12-14 10:44 . 2012-12-14 10:44 -------- d-----w- c:\users\Lotje\AppData\Local\MFAData

2012-12-12 15:05 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 15:05 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 15:05 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-06 23:04 . 2012-12-06 23:04 118784 --sha-r- c:\windows\SysWow64\CPFiltersm.dll

2012-12-04 18:47 . 2012-12-04 18:47 -------- d-----w- c:\program files (x86)\IObit Toolbar

2012-12-03 11:52 . 2012-12-03 11:52 -------- d-----w- c:\program files (x86)\YTD Toolbar

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-23 13:59 . 2012-09-19 14:57 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-23 13:59 . 2011-09-18 09:01 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-23 13:32 . 2012-04-03 09:47 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-23 13:32 . 2011-09-04 10:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 08:33 . 2011-09-23 16:20 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-16 08:38 . 2012-11-28 13:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 13:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 13:13 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-09 18:17 . 2012-11-16 12:15 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 12:15 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 12:15 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 12:15 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-04 16:40 . 2012-12-12 15:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 12:14 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 12:14 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 12:14 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 12:14 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 12:14 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 12:14 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 12:14 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 12:14 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 12:14 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 12:14 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 12:14 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-02 02:30 . 2012-10-02 02:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]

.

c:\users\Lotje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Lotje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-29 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-14 30568]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-01 1340976]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-19 2028864]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-14 894920]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-08 349736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-08 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:32]

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864774411-2056706493-2911479855-1000Core.job

- c:\users\Lotje\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 17:53]

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864774411-2056706493-2911479855-1000UA.job

- c:\users\Lotje\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 17:53]

.

2012-12-28 c:\windows\Tasks\ztinwemaih.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://alawar.nl

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 195.130.130.132 195.130.131.132

FF - ProfilePath - c:\users\Lotje\AppData\Roaming\Mozilla\Firefox\Profiles\q62kjomj.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-12-28 11:53:55

ComboFix-quarantined-files.txt 2012-12-28 10:53

.

Pre-Run: 122.384.371.712 bytes beschikbaar

Post-Run: 121.756.327.936 bytes beschikbaar

.

- - End Of File - - E6FD09526349E31BDBB3C4A8CB33E007

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\Tasks\ztinwemaih.job

Folder::

c:\program files (x86)\IObit Toolbar

c:\program files (x86)\YTD Toolbar

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in de rode snelkoppeling van ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites
Lotje D. Leerling

Lotje D.

Geplaatst:
  • Auteur
Geplaatst:

Opnieuw ik hoop dat ik het goed gedaan heb ;)

ComboFix 12-12-28.02 - Lotje 28/12/2012 22:17:35.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4010.2969 [GMT 1:00]

Gestart vanuit: c:\users\Lotje\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Lotje\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\Tasks\ztinwemaih.job"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\IObit Toolbar

c:\program files (x86)\IObit Toolbar\FF\chrome.manifest

c:\program files (x86)\IObit Toolbar\FF\chrome\chrome.jar

c:\program files (x86)\IObit Toolbar\FF\install.rdf

c:\program files (x86)\IObit Toolbar\IE\6.6\config.ini

c:\program files (x86)\IObit Toolbar\Res\amazon.gif

c:\program files (x86)\IObit Toolbar\Res\ebay.gif

c:\program files (x86)\IObit Toolbar\Res\facebook.gif

c:\program files (x86)\IObit Toolbar\Res\googleplus.gif

c:\program files (x86)\IObit Toolbar\Res\icon_settings.gif

c:\program files (x86)\IObit Toolbar\Res\iobit_logo.gif

c:\program files (x86)\IObit Toolbar\Res\iobit_logo_hover.gif

c:\program files (x86)\IObit Toolbar\Res\Lang\res1031.ini

c:\program files (x86)\IObit Toolbar\Res\Lang\res1033.ini

c:\program files (x86)\IObit Toolbar\Res\Lang\res1034.ini

c:\program files (x86)\IObit Toolbar\Res\Lang\res1036.ini

c:\program files (x86)\IObit Toolbar\Res\Lang\res1040.ini

c:\program files (x86)\IObit Toolbar\Res\radio-close.gif

c:\program files (x86)\IObit Toolbar\Res\radio-minimize.gif

c:\program files (x86)\IObit Toolbar\Res\radiobeta.gif

c:\program files (x86)\IObit Toolbar\Res\search-button-hover.gif

c:\program files (x86)\IObit Toolbar\Res\search-button.gif

c:\program files (x86)\IObit Toolbar\Res\search-chevron-hover.gif

c:\program files (x86)\IObit Toolbar\Res\search-chevron.gif

c:\program files (x86)\IObit Toolbar\Res\search_amazon.gif

c:\program files (x86)\IObit Toolbar\Res\search_baidu.gif

c:\program files (x86)\IObit Toolbar\Res\search_ebay.gif

c:\program files (x86)\IObit Toolbar\Res\search_yahoo.gif

c:\program files (x86)\IObit Toolbar\Res\search_yandex.gif

c:\program files (x86)\IObit Toolbar\Res\security.gif

c:\program files (x86)\IObit Toolbar\Res\system.gif

c:\program files (x86)\IObit Toolbar\Res\twitter.gif

c:\program files (x86)\IObit Toolbar\Res\widgets.xml

c:\program files (x86)\IObit Toolbar\WidgiHelper.exe

c:\program files (x86)\YTD Toolbar

c:\program files (x86)\YTD Toolbar\FF\chrome.manifest

c:\program files (x86)\YTD Toolbar\FF\chrome\chrome.jar

c:\program files (x86)\YTD Toolbar\FF\install.rdf

c:\program files (x86)\YTD Toolbar\IE\6.6\config.ini

c:\program files (x86)\YTD Toolbar\Res\amazon.gif

c:\program files (x86)\YTD Toolbar\Res\dailymotion.gif

c:\program files (x86)\YTD Toolbar\Res\ebay.gif

c:\program files (x86)\YTD Toolbar\Res\facebook.gif

c:\program files (x86)\YTD Toolbar\Res\googleplus.gif

c:\program files (x86)\YTD Toolbar\Res\hulu.gif

c:\program files (x86)\YTD Toolbar\Res\icon_settings.gif

c:\program files (x86)\YTD Toolbar\Res\Lang\res1031.ini

c:\program files (x86)\YTD Toolbar\Res\Lang\res1033.ini

c:\program files (x86)\YTD Toolbar\Res\Lang\res1034.ini

c:\program files (x86)\YTD Toolbar\Res\Lang\res1036.ini

c:\program files (x86)\YTD Toolbar\Res\Lang\res1040.ini

c:\program files (x86)\YTD Toolbar\Res\metacafe.gif

c:\program files (x86)\YTD Toolbar\Res\radio-close.gif

c:\program files (x86)\YTD Toolbar\Res\radio-minimize.gif

c:\program files (x86)\YTD Toolbar\Res\radiobeta.gif

c:\program files (x86)\YTD Toolbar\Res\search-button-hover.gif

c:\program files (x86)\YTD Toolbar\Res\search-button.gif

c:\program files (x86)\YTD Toolbar\Res\search-chevron-hover.gif

c:\program files (x86)\YTD Toolbar\Res\search-chevron.gif

c:\program files (x86)\YTD Toolbar\Res\search_amazon.gif

c:\program files (x86)\YTD Toolbar\Res\search_baidu.gif

c:\program files (x86)\YTD Toolbar\Res\search_ebay.gif

c:\program files (x86)\YTD Toolbar\Res\search_yahoo.gif

c:\program files (x86)\YTD Toolbar\Res\search_yandex.gif

c:\program files (x86)\YTD Toolbar\Res\search_youtube.gif

c:\program files (x86)\YTD Toolbar\Res\twitter.gif

c:\program files (x86)\YTD Toolbar\Res\veoh.gif

c:\program files (x86)\YTD Toolbar\Res\widgets.xml

c:\program files (x86)\YTD Toolbar\Res\youtube.gif

c:\program files (x86)\YTD Toolbar\Res\ytd.gif

c:\program files (x86)\YTD Toolbar\Res\ytd_logo.gif

c:\program files (x86)\YTD Toolbar\Res\ytd_logo_hover.gif

c:\program files (x86)\YTD Toolbar\WidgiHelper.exe

c:\windows\Tasks\ztinwemaih.job

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-28 ))))))))))))))))))))))))))))))

.

.

2012-12-28 21:23 . 2012-12-28 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-28 21:23 . 2012-12-28 21:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-12-25 11:11 . 2012-12-25 11:11 -------- d-----w- c:\users\Lotje\AppData\Roaming\Malwarebytes

2012-12-25 11:11 . 2012-12-25 11:11 -------- d-----w- c:\programdata\Malwarebytes

2012-12-25 11:11 . 2012-12-25 11:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-25 11:11 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-25 10:47 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-25 10:47 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-25 10:47 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-25 10:47 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-23 14:10 . 2012-12-23 14:09 959976 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-23 14:10 . 2012-12-23 14:09 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-12-23 14:10 . 2012-12-23 14:09 308200 ----a-w- c:\windows\system32\javaws.exe

2012-12-23 14:10 . 2012-12-23 14:09 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-12-23 14:10 . 2012-12-23 14:09 188392 ----a-w- c:\windows\system32\javaw.exe

2012-12-23 14:10 . 2012-12-23 14:09 188392 ----a-w- c:\windows\system32\java.exe

2012-12-23 14:09 . 2012-12-23 14:09 -------- d-----w- c:\program files\Java

2012-12-23 13:59 . 2012-12-23 13:59 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-23 13:32 . 2012-12-23 13:32 -------- d-----w- c:\programdata\McAfee Security Scan

2012-12-23 13:32 . 2012-12-23 13:32 -------- d-----w- c:\programdata\McAfee

2012-12-23 13:32 . 2012-12-23 14:03 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-12-22 11:13 . 2012-12-22 11:13 388096 ----a-r- c:\users\Lotje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-12-22 11:13 . 2012-12-22 11:13 -------- d-----w- c:\program files (x86)\Trend Micro

2012-12-14 14:53 . 2012-12-25 11:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-12-14 14:53 . 2012-12-25 11:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-14 10:54 . 2012-12-14 10:54 -------- d-----w- c:\users\Lotje\AppData\Roaming\AVG2013

2012-12-14 10:52 . 2012-12-14 10:52 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-12-14 10:52 . 2012-12-27 11:54 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-12-14 10:51 . 2012-12-14 10:52 -------- d-----w- c:\programdata\AVG2013

2012-12-14 10:44 . 2012-12-14 10:57 -------- d-----w- c:\users\Lotje\AppData\Local\Avg2013

2012-12-14 10:44 . 2012-12-14 10:44 -------- d-----w- c:\users\Lotje\AppData\Local\MFAData

2012-12-12 15:05 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 15:05 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 15:05 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-06 23:04 . 2012-12-06 23:04 118784 --sha-r- c:\windows\SysWow64\CPFiltersm.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-23 13:59 . 2012-09-19 14:57 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-23 13:59 . 2011-09-18 09:01 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-23 13:32 . 2012-04-03 09:47 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-23 13:32 . 2011-09-04 10:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 08:33 . 2011-09-23 16:20 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-16 08:38 . 2012-11-28 13:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 13:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 13:13 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-09 18:17 . 2012-11-16 12:15 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 12:15 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 12:15 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 12:15 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-04 16:40 . 2012-12-12 15:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 12:14 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 12:14 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 12:14 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 12:14 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 12:14 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 12:14 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 12:14 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 12:14 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 12:14 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 12:14 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 12:14 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-02 02:30 . 2012-10-02 02:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]

.

c:\users\Lotje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Lotje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-29 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-14 30568]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-01 1340976]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-19 2028864]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-14 894920]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-08 349736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-08 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:32]

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864774411-2056706493-2911479855-1000Core.job

- c:\users\Lotje\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 17:53]

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864774411-2056706493-2911479855-1000UA.job

- c:\users\Lotje\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 17:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Lotje\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://alawar.nl

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 195.130.130.132 195.130.131.132

FF - ProfilePath - c:\users\Lotje\AppData\Roaming\Mozilla\Firefox\Profiles\q62kjomj.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-12-28 22:24:44

ComboFix-quarantined-files.txt 2012-12-28 21:24

ComboFix2.txt 2012-12-28 10:53

.

Pre-Run: 121.638.707.200 bytes beschikbaar

Post-Run: 121.571.581.952 bytes beschikbaar

.

- - End Of File - - 957BC617B77E853D393C6BA27E7EB2C2

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Download de Junkware Removal Tool by Thisisu naar je bureaublad

  • Het is aanbevolen om beveiligingssoftware tijdelijk uit te schakelen, deze kan namelijk conflicteren met JRT.exe
  • Windows XP: Start de tool doormiddel van dubbelklik.
  • Windows Vista/7/8: Rechtsklik JRT.exe en kies voor "Uitvoeren als administrator".
  • De tool zal daarna je systeem scannen.
  • De scan kan afhankelijk van je systeemspecificaties soms vrij lang duren, wacht geduldig af.
  • Als de scan voltooid is zal een logje (JRT.txt) op je bureaublad opgeslagen worden en automatisch openen.
  • Post de inhoud van deze log in je volgende bericht.

Link naar reactie
Delen op andere sites
Lotje D. Leerling

Lotje D.

Geplaatst:
  • Auteur
Geplaatst:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.3.0 (12.29.2012:1)

OS: Windows 7 Home Premium x64

Ran by Lotje on za 29/12/2012 at 23:54:24,80

Blog: Malware Analysis and Removal

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ FireFox

Successfully deleted: [File] C:\Users\Lotje\AppData\Roaming\mozilla\firefox\profiles\q62kjomj.default\invalidprefs.js

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on zo 30/12/2012 at 0:08:27,98

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- - - Updated - - -

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.3.0 (12.29.2012:1)

OS: Windows 7 Home Premium x64

Ran by Lotje on za 29/12/2012 at 23:54:24,80

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ FireFox

Successfully deleted: [File] C:\Users\Lotje\AppData\Roaming\mozilla\firefox\profiles\q62kjomj.default\invalidprefs.js

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on zo 30/12/2012 at 0:08:27,98

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.