
google again and again ...


embroiderit


I have quite a few more of those things

among others also that preload, which I have now set to true as well, and I have now changed the URL to Google, and that URL then no longer follows after it.

The following lines are each 'newtabpage' followed in turn by 'blocked', columns, enabled, pinned, rows and then a last one with StorageVersion... No idea whether this is clear?


Then put about:blank there instead of a Google URL.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

Edited by kape

Hi Kape, first and foremost..... thank you very much for all the help!!!

ComboFix 13-12-20.01 - Bernqde 21/12/2013 10:01:02.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6056.4443 [GMT 1:00]

Gestart vanuit: c:\users\Bernqde\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Bernqde\Favorites\msgr11uk.exe

c:\windows\msvcr71.dll

c:\windows\SysWow64\system.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-11-21 to 2013-12-21 ))))))))))))))))))))))))))))))

.

.

2013-12-21 09:27 . 2013-12-21 09:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-12-19 21:26 . 2013-12-19 20:22 24064 ----a-w- c:\windows\zoek-delete.exe

2013-12-19 21:26 . 2013-12-21 09:27 -------- d-----w- c:\users\Bernqde\AppData\Local\Temp

2013-12-14 22:21 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-11 22:27 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-11 22:27 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-11 22:27 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-11 22:27 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-11 22:27 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-07 12:49 . 2013-12-21 08:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-12-06 14:39 . 2013-12-06 14:40 -------- d-----w- C:\rsit

2013-11-24 11:07 . 2013-11-24 12:07 -------- d-----w- C:\zoek_backup

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-15 10:03 . 2012-02-23 05:29 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-12-03 07:50 . 2012-05-03 17:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-03 07:50 . 2012-02-28 05:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-12 16:45 . 2012-12-07 18:19 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-11-05 20:55 . 2013-11-05 20:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys

2013-11-04 20:52 . 2013-11-04 20:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-10-31 22:00 . 2013-10-31 22:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2013-10-31 21:49 . 2013-10-31 21:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys

2013-10-24 21:25 . 2013-10-24 21:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2013-10-12 02:30 . 2013-11-14 16:36 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-14 16:36 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-14 16:36 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-14 16:36 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-14 16:36 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25 . 2013-11-14 16:36 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 19:57 . 2013-11-14 16:36 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-10-04 02:28 . 2013-11-14 16:36 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 02:25 . 2013-11-14 16:36 197120 ----a-w- c:\windows\system32\credui.dll

2013-10-04 02:24 . 2013-11-14 16:36 1930752 ----a-w- c:\windows\system32\authui.dll

2013-10-04 01:58 . 2013-11-14 16:36 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56 . 2013-11-14 16:36 168960 ----a-w- c:\windows\SysWow64\credui.dll

2013-10-04 01:56 . 2013-11-14 16:36 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-10-03 02:23 . 2013-11-14 16:36 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-10-03 02:00 . 2013-11-14 16:36 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-09-30 23:52 . 2013-09-30 23:52 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2013-09-28 01:09 . 2013-11-14 16:36 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-25 02:26 . 2013-11-14 16:36 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-09-25 02:26 . 2013-11-14 16:36 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-09-25 02:23 . 2013-11-14 16:36 135680 ----a-w- c:\windows\system32\sspicli.dll

2013-09-25 02:23 . 2013-11-14 16:36 28672 ----a-w- c:\windows\system32\sspisrv.dll

2013-09-25 02:23 . 2013-11-14 16:36 28160 ----a-w- c:\windows\system32\secur32.dll

2013-09-25 02:22 . 2013-11-14 16:36 340992 ----a-w- c:\windows\system32\schannel.dll

2013-09-25 02:21 . 2013-11-14 16:36 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-09-25 02:21 . 2013-11-14 16:36 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2013-09-25 01:58 . 2013-11-14 16:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-09-25 01:57 . 2013-11-14 16:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-09-25 01:57 . 2013-11-14 16:36 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-09-25 01:56 . 2013-11-14 16:36 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-09-25 01:03 . 2013-11-14 16:36 30720 ----a-w- c:\windows\system32\lsass.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]

"USBestCR"="c:\program files (x86)\Sitecom MD-020 SIM Editor\iconcs2377439.exe" [2013-05-15 7377920]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2012-2-11 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtuele adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys;c:\windows\SYSNATIVE\drivers\fdrawcmd.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]

S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe;c:\windows\SYSNATIVE\afasrv64.exe [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]

S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 VmbService;Vodafone Mobile Broadband-service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2013-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 07:50]

.

2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]

"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]

"USBestCR"="c:\program files (x86)\Sitecom MD-020 SIM Editor\iconcs2377439.exe" [2013-05-15 7377920]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{110CECD6-898C-4E76-9B54-A099E60CA4A0}: NameServer = 81.169.60.107 81.169.60.107

TCP: Interfaces\{685EFB1E-5FDF-40D9-9476-2036CF42AE59}: NameServer = 81.169.62.171 81.169.62.171

FF - ProfilePath - c:\users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

------- Bestandsassociaties -------

.

.txt=EMBIRD64.File.txt

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

SafeBoot-SolutoService

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*ÌÖ¸-]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*ÌÖ¸-\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N*o*e*l*l*´v¾-\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-12-21 10:33:10

ComboFix-quarantined-files.txt 2013-12-21 09:33

.

Pre-Run: 122,169,724,928 bytes beschikbaar

Post-Run: 121,620,807,680 bytes beschikbaar

.

- - End Of File - - A9B45F941AAD724D694BD1BCC1866DF4


Go to the ESET Online Scanner site.

Click the “Run ESET Online Scanner” button

In a separate window you will be asked to download EsetSmartInstaller

Click the link for esetsmartinstaller_enu.exe and the download will start automatically.

Choose “Download” for this file.

Click “Run” for this file esetsmartinstaller_enu.exe

Tick “YES, I accept the Terms of Use”

Click “Start”

Click "Advanced settings"

Tick the following options:

  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click “Start”

The computer will now be scanned. This can take quite a long time, so be patient.

You may close the window when the scan is finished.

Use Notepad to open the log. You can find this log at C:\Program Files\Eset\EsetOnlineScanner\log.txt

Copy and paste the contents of this log into your next post.


ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=c640b56058e7c84e8addb471ce6912bc

# engine=16382

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-12-24 11:54:30

# local_time=2013-12-24 12:54:30 (+0100, West-Europa (standaardtijd))

# country="Australia"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 14312167 139515920 0 0

# scanned=189822

# found=6

# cleaned=6

# scan_time=17842

sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bernqde\Downloads\ccsetup408.exe"

sh=B8895BB21261766F960D2B6D5F22B0DD7A818812 ft=1 fh=fd6c520b6b39aef5 vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bernqde\Downloads\spsetup122.exe"

sh=1A43FC16D7AA3CA5988A98D4B66FD03C912D5974 ft=1 fh=8abee68c442ee8e0 vn="Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bernqde\Downloads\Picture resizer\SoftonicDownloader_voor_picture-resizer.exe"

sh=D2408C8A09A2BD9704AF39F818EC7AC9E9CCA46E ft=1 fh=08d2b982dc66508e vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bernqde\Utorrent\utorrent.exe"

sh=A41A1F898D5F230FBBC8140C3A019E0AC78FA716 ft=1 fh=250610d792db3225 vn="Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Bernqde_Downloads_SoftonicDownloader_voor_picture-resizer.exe.vir"

sh=4B5D3F28D53D4B23D42D87A1DB8B5400AED41984 ft=1 fh=6f98768c3952313c vn="Win32/Conduit.SearchProtect.F application (cleaned by deleting - quarantined)" ac=C fn="C:\zoek_backup\C_PROGRA~2_SearchProtect\Main\bin\CltMngSvc.exe"
