
PC problems (antivirus - adblock - full disk)



Open a Notepad file.

Copy the code below and paste it into the Notepad file.

Save the Notepad file as CFScript_AVG2011.txt

REGISTRY::

[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]

[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]

[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]

[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]

[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]

[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]

[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]

[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]

[-HKEY_CURRENT_USER\Software\Avg]

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]

[-HKEY_CLASSES_ROOT\.avgdx]

[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]

[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]

[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}]

[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95}]

[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]

[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]

[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]

[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]

[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]

[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]

[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]

[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]

[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]

[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]

[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]

[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]

[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]

[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]

[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]

[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]

[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]

[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]

[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]

[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]

[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]

DRIVER::

Avg

AVGIDSAgent

AVGIDSDriver

AVGIDSEH

AVGIDSFilter

AVGIDSShim

Avgldx86

Avgmfx86

Avgrkx86

Avgtdix

avgwd

FOLDER::

%SYSTEMDRIVE%\$AVG

%COMMONAPPDATA%\AVG10

%COMMONAPPDATA%\MFAData

%COMMONPROGRAMS%\AVG 2011

%APPDATA%\AVG10

%PROGRAMFILES%\AVG

%SYSTEM%\drivers\AVG

File::

%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat

%COMMONDESKTOP%\AVG 2011.lnk

%SYSTEM%\drivers\AVGIDSDriver.sys

%SYSTEM%\drivers\AVGIDSEH.sys

%SYSTEM%\drivers\AVGIDSFilter.sys

%SYSTEM%\drivers\AVGIDSShim.sys

%SYSTEM%\drivers\avgldx86.sys

%SYSTEM%\drivers\avgmfx86.sys

%SYSTEM%\drivers\avgrkx86.sys

%SYSTEM%\drivers\avgtdix.sys

Start the computer in Safe Mode.

Drag CFScript_AVG2011.txt onto ComboFix.exe. This will restart ComboFix. Reboot if asked to, and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

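The script above is a ComboFix CFScript: each `Section::` header opens a list, `[-HIVE\key]` deletes a registry key, `"name"=-` deletes a value under the key selected on the previous line, and the FOLDER/File paths use `%TOKEN%` placeholders that ComboFix expands. Scripts like this get damaged when they are copied out of a forum post (several `[...]` entries merged onto one line, a `%TOKEN%` split across two lines, both of which happened in the copy above), and ComboFix will then silently skip or misread those entries while AVG's driver stubs stay in place. The following checker is an added example, not part of the original post and not ComboFix's own code: it parses a CFScript, splits merged registry entries back into one per line and flags path lines that lost their token delimiter. The section names and token names are taken from the script above; that ComboFix's grammar is exactly this is an assumption, and the sample script at the bottom is constructed.

```python
"""Sanity-check a ComboFix CFScript before dragging it onto ComboFix.exe.

Added example: section and %TOKEN% names come from the script in the thread;
that ComboFix accepts exactly this grammar is an assumption.
"""
import re
from collections import defaultdict

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
PATH_TOKENS = {"SYSTEMDRIVE", "COMMONAPPDATA", "COMMONPROGRAMS", "APPDATA",
               "PROGRAMFILES", "SYSTEM", "COMMONDESKTOP"}

SECTION_RE = re.compile(r"^(\w+)::$")
# [-HIVE\path] deletes a key; [HIVE\path] selects the key for "value"=- lines that follow
KEY_RE = re.compile(r"\[(-?)([A-Z_]+)\\([^\]]*)\]")
VALUE_DEL_RE = re.compile(r'^"[^"]+"=-$')
TOKEN_PATH_RE = re.compile(r"^%([A-Z]+)%\\(.+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text):
    """Return (entries, problems).

    entries maps an upper-cased section name to its cleaned entry lines;
    problems is a list of (line_no, line, reason) for lines ComboFix would
    probably misread, typically copy/paste damage: two [keys] merged onto
    one line, or a %TOKEN% split across two lines.
    """
    entries = defaultdict(list)
    problems = []
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            continue
        if section is None:
            problems.append((no, line, "entry before the first Section:: header"))
        elif section == "REGISTRY":
            keys = KEY_RE.findall(line)
            if keys:
                for minus, hive, path in keys:      # one entry per [..], even if merged
                    if hive in HIVES:
                        entries[section].append(f"[{minus}{hive}\\{path}]")
                    else:
                        problems.append((no, line, f"unknown hive {hive}"))
            elif VALUE_DEL_RE.match(line):
                entries[section].append(line)
            else:
                problems.append((no, line, 'expected [HIVE\\key] or "value"=-'))
        elif section in ("FOLDER", "FILE"):
            m = TOKEN_PATH_RE.match(line)
            if (m and m.group(1) in PATH_TOKENS and "%" not in m.group(2)) \
                    or DRIVE_PATH_RE.match(line):
                entries[section].append(line)
            else:
                problems.append((no, line,
                                 "expected %TOKEN%\\path or X:\\path (split or merged line?)"))
        else:                                       # DRIVER, Firefox, ...: free-form names
            entries[section].append(line)
    return dict(entries), problems


# Constructed sample: good lines plus the two kinds of damage seen in the post above.
SAMPLE = r"""
REGISTRY::
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\.avgdx] [-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
DRIVER::
Avgtdix
FOLDER::
%PROGRAMFILES%\AVG
%COMMONAPPDATA%\MFAData %COMMONPROGRAMS
%\AVG 2011
File::
%SYSTEM%\drivers\avgtdix.sys
"""

if __name__ == "__main__":
    parsed, issues = parse_cfscript(SAMPLE)
    for name, items in parsed.items():
        print(f"{name}: {len(items)} entries")
    for no, line, why in issues:
        print(f"line {no}: {why}: {line}")
```

Run it on the real CFScript_AVG2011.txt instead of SAMPLE before dragging the file onto ComboFix; any line it reports should be repaired by hand (one entry per line, `%TOKEN%\` rejoined) rather than left for ComboFix to guess at.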

I have to disappoint you again, it still doesn't work! On top of that, AVG keeps asking me to reboot.

I did what you wrote in the post above. When I (after booting into Safe Mode) dragged the Notepad file onto ComboFix, it asked me whether I wanted to remove AVG 'by force'. I clicked 'OK' and then the message appeared again that AVG would not allow ComboFix to start.


It finally worked! After I had downloaded that removal tool + after (only) 1 restart, the PC (Windows Security Essentials?) told me again that I had no permission, but I clicked Exit many times and then ComboFix finally went into action.

I'll make a new HijackThis log shortly too!

ComboFix 13-04-08.04 - Alexandra 09/04/2013 14:39:29.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1958 [GMT 2:00]

Running from: c:\users\Alexandra\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Browse2save

c:\programdata\Browse2save\50ce2c906b180.html

c:\programdata\Browse2save\50ce2c906b1b8.js

c:\programdata\Browse2save\paegbaalpafbkfhikgojkoimcfjacgcc.crx

c:\programdata\Browse2save\settings.ini

c:\programdata\Browse2save\uninstall.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Browse2save

c:\programdata\Microsoft\Windows\Start Menu\Programs\Browse2save\Browse2save.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\Browse2save\Uninstall.lnk

C:\sooi832.bin

c:\windows\system32\pt

c:\windows\system32\pt\toscdspd.cpl.mui

.

.

((((((((((((((((((((((((( Files Created from 2013-03-09 to 2013-04-09 )))))))))))))))))))))))))))))))

.

.

2013-04-09 12:49 . 2013-04-09 12:49 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-04-09 12:49 . 2013-04-09 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-08 09:34 . 2013-03-19 03:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{099204B4-C597-420D-8428-CD5F1EA5B853}\mpengine.dll

2013-04-07 19:37 . 2013-04-07 19:37 -------- d-----w- c:\programdata\AVG Secure Search

2013-04-07 19:36 . 2013-04-07 19:36 -------- d-----w- c:\users\Alexandra\AppData\Roaming\TuneUp Software

2013-03-14 21:41 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-07 19:36 . 2012-08-30 19:27 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-03-11 23:10 . 2009-11-03 09:37 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-03-08 13:21 . 2013-03-08 13:21 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]

"Facebook Update"="c:\users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-23 138096]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2718213760-2667944845-969641845-1000Core.job

- c:\users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 16:46]

.

2013-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2718213760-2667944845-969641845-1000UA.job

- c:\users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 16:46]

.

2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:41]

.

2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:41]

.

2013-04-07 c:\windows\Tasks\Norton Security Scan for Alexandra.job

- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-22 01:30]

.

2013-04-09 c:\windows\Tasks\User_Feed_Synchronization-{50E49403-F7BF-4CDF-A766-49FCBB501384}.job

- c:\windows\system32\msfeedssync.exe [2013-03-13 05:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll

FF - ProfilePath - c:\users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\h758x4p8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=9290710335174403&o=APN10645&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 56545

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-02-18 22:28; {377e5d4d-77e5-476a-8716-7e70a9272da0}; c:\users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\h758x4p8.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}

FF - ExtSQL: 2013-04-07 21:37; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\15.0.0.2

FF - ExtSQL: !HIDDEN! 2013-02-18 22:29; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Toolbar-10 - (no file)

Toolbar-!{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe

HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe

AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe

AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browse2save\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-04-09 14:49

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2013-04-09 14:53:38

ComboFix-quarantined-files.txt 2013-04-09 12:53

ComboFix2.txt 2011-06-24 18:48

ComboFix3.txt 2011-06-24 17:13

.

Pre-Run: 3.979.984.896 bytes free

Post-Run: 4.729.192.448 bytes free

.

- - End Of File - - 2E25157EC9968C4ABDE972B9507F7A43


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:10:17, on 09/04/2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19401)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - one of the UK's largest shopping destinations (file missing)

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Servicio de Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe

--

End of file - 8141 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE

O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - one of the UK's largest shopping destinations (file missing)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sweetpacks Communicator"=-

"SweetIM"=-

Firefox::

FF - ProfilePath - c:\users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\h758x4p8.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

Save this file on your desktop as CFScript.

Drag CFScript.txt onto the red ComboFix.exe shortcut.

This will restart ComboFix. Reboot if asked to.

If you want to see this illustrated step by step, click here for the guide.

Download AdwCleaner by Xplode to your desktop.


Close all open windows.

  • Vista and Windows 7 users: right-click AdwCleaner and select Run as administrator...
  • For XP: just double-click AdwCleaner.
  • Then click Delete.
  • Click OK at AdwCleaner – Information
  • Click OK at AdwCleaner – Restart required

It is normal for the shortcuts to disappear during this. After the PC has restarted, a log file opens. Post the contents of this log in your next message.

After the restart, post the contents of ComboFix.txt in your next message together with the AdwCleaner log and a new HijackThis log.

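What the helper does by hand above is triage: read the HijackThis O-lines and the ComboFix Firefox section, pick out the adware names (SweetIM/SweetPacks, the Search Results Toolbar's Datamngr, the Conduit and searchnu search hijacks), the orphaned eBay button whose file is missing, and the `!HIDDEN!` Firefox extension. One thing the logs show that neither post comments on is `network.proxy.http - 127.0.0.1` on port 56545: a loopback proxy lets a local process sit in the middle of all browser traffic, but only when `network.proxy.type` is 1 (manual), and this log has it at 0 (direct), so the setting is inert unless something flips the type back. The script below is an added example, not part of the original thread and not HijackThis's or ComboFix's own logic; it runs those checks over log lines. The marker strings are names seen in the logs posted in this thread rather than a vendor indicator feed, the pairing rule for the two proxy prefs is the author's, and the sample lines are copied from the logs above.

```python
"""Triage HijackThis / ComboFix log lines for adware indicators.

Added example: the marker strings are names seen in the logs posted in this
thread, not a vendor feed, and the rules are an assumption about what a
helper looks for, not HijackThis's own logic.
"""
import re

PUP_MARKERS = (
    "sweetim", "sweetpacks", "datamngr", "search results toolbar",
    "search.conduit.com", "searchnu.com", "search-results.com",
    "browse2save", "optimizer pro",
)
LOOPBACK = ("127.0.0.1", "localhost", "::1")
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - ?(.*)$")


def triage(lines):
    """Return [(line, [reasons])] for lines worth a second look, in log order,
    with the Firefox proxy verdict appended last: network.proxy.http and
    network.proxy.type have to be read together, because 127.0.0.1:port only
    bites when the type is 1 (manual); type 0 means direct connection."""
    findings, prefs = [], {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = (line, m.group(2).strip())
        reasons = [f"matches PUP marker '{mk}'" for mk in PUP_MARKERS if mk in low]
        if "(file missing)" in low or "(no file)" in low:
            reasons.append("orphaned entry: target file is gone, safe to fix")
        if "!hidden!" in low:
            reasons.append("extension hidden from the Firefox add-on list")
        if reasons:
            findings.append((line, reasons))
    http = prefs.get("network.proxy.http")
    ptype = prefs.get("network.proxy.type", (None, "0"))[1]
    if http and http[1] in LOOPBACK:
        if ptype == "1":
            findings.append((http[0], ["manual proxy on loopback: a local process sits in "
                                       "the middle of all browser HTTP traffic"]))
        else:
            findings.append((http[0], [f"loopback proxy set but network.proxy.type is "
                                       f"{ptype}: inert now, still worth resetting"]))
    return findings


# Sample lines copied from the HijackThis and ComboFix logs posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - one of the UK's largest shopping destinations (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56545
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-02-18 22:29; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension
""".strip().splitlines()

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Feed it a whole HijackThis or ComboFix log (`triage(open(path, encoding="utf-8", errors="replace"))`) and compare its output with the items the helper selected; lines it flags that the helper did not, such as the proxy pair here, are the ones to ask about before running the next fix.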

Here is the ComboFix log already.

ComboFix 13-04-08.04 - Alexandra 13/04/2013 17:40:55.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1975 [GMT 2:00]

Running from: c:\users\Alexandra\Desktop\ComboFix.exe

Command switches used :: c:\users\Alexandra\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 )))))))))))))))))))))))))))))))

.

.

2013-04-13 15:49 . 2013-04-13 15:49 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-04-13 15:49 . 2013-04-13 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-12 21:18 . 2013-04-12 21:18 -------- d-----w- c:\program files\Common Files\Skype

2013-04-12 15:58 . 2013-03-19 03:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F1A2E82-26CF-4247-8E88-B73042277172}\mpengine.dll

2013-04-07 19:37 . 2013-04-07 19:37 -------- d-----w- c:\programdata\AVG Secure Search

2013-04-07 19:36 . 2013-04-07 19:36 -------- d-----w- c:\users\Alexandra\AppData\Roaming\TuneUp Software

2013-03-14 21:41 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-07 19:36 . 2012-08-30 19:27 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-03-11 23:10 . 2009-11-03 09:37 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-03-08 13:21 . 2013-03-08 13:21 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]

"Facebook Update"="c:\users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-23 138096]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2718213760-2667944845-969641845-1000Core.job

- c:\users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 16:46]

.

2013-04-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2718213760-2667944845-969641845-1000UA.job

- c:\users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 16:46]

.

2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:41]

.

2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:41]

.

2013-04-07 c:\windows\Tasks\Norton Security Scan for Alexandra.job

- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-22 01:30]

.

2013-04-13 c:\windows\Tasks\User_Feed_Synchronization-{50E49403-F7BF-4CDF-A766-49FCBB501384}.job

- c:\windows\system32\msfeedssync.exe [2013-04-10 08:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: DhcpNameServer = 195.130.130.129 195.130.131.129

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll

FF - ProfilePath - c:\users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\h758x4p8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 56545

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-02-18 22:28; {377e5d4d-77e5-476a-8716-7e70a9272da0}; c:\users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\h758x4p8.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}

FF - ExtSQL: 2013-04-07 21:37; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\15.0.0.2

FF - ExtSQL: !HIDDEN! 2013-02-18 22:29; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-04-13 17:49

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2013-04-13 17:55:41

ComboFix-quarantined-files.txt 2013-04-13 15:55

ComboFix2.txt 2013-04-09 12:53

ComboFix3.txt 2011-06-24 18:48

ComboFix4.txt 2011-06-24 17:13

.

Pre-Run: 577.683.456 bytes free

Post-Run: 551.612.416 bytes free

.

- - End Of File - - 30FC3DD6C3DD3F3A4E89683B50FA73D1


Part of the task did not go entirely right. Would you redo this:

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\h758x4p8.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: !HIDDEN! 2013-02-18 22:29; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension

Save this file on your desktop as CFScript.

Drag CFScript.txt onto the red ComboFix.exe shortcut.

This will restart ComboFix. Reboot if asked to.

If you want to see this illustrated step by step, click here for the guide.

After the restart, post the contents of ComboFix.txt in your next message.
