Bastiaan Tuenter

Hartelijke dank voor je hulp. Groet!

Die kan ik niet meer vinden. Dus die had ie blijkbaar al verwijderd. Ik heb de CCleaner gebruikt en de computer zo nu schoon moeten zijn, denk ik. Tenzij je vermoed dat het niet helemaal klopt omdat Delfix vastliep.

Mmm, Delfix wordt afgebroken. AutoIt Error Line 84 (File "C:/Users/Bastiaan Prasath/Desktop/delfic_10.7.exe"): Error: The requested action with this object has failed.

Die zijn verdwenen!

[ATTACH]32037[/ATTACH] Ziet het er nog steeds goed uit? Er zijn wat bestanden verwijderd, maar ik heb geen idee of ik nodig heb, of juist niet. AdwCleaner[S0].txt

[ATTACH]32006[/ATTACH] Voor zover ik kan overzien, in een paar minuten surfen met Chrome, is het probleem opgelost. Zoek-results.log

[ATTACH]32002[/ATTACH] zoek-results.log.txt

Gedaan. Mag ik die log- en infofiles nu verwijderen? [ATTACH]31999[/ATTACH] log.txt

Hallo, ik heb een virus in Google Chrome. Er verschijnen pop-ups in beeld, sommige woorden op internetpagina's zijn groen gekleurd, en als je erop gaat staan verschijnt er een pop-up, bij het doorklikken op pagina's worden er nieuwe tabbladen geopend met twijfelachtige websites, et cetera. Weet er iemand raad?

Dat was zo gepiept. Hartelijk dank voor de tips en trucs. xD

Problemen zijn opgelost, waarvoor dank, Kape. Nog een laatste vraag: enig idee waar de problemen vandaan kwamen? Was het misschien onzorgvuldig internetgebruik, of wellicht de verouderde AVG, misschien nog iets anders?

Iets van de laatste paar dagen: als ik AVG open verschijnt er een fractie van een seconde deze popup in beeld. Welke opdracht geeft hij hier, wat houdt dat in, met die toolbar?

EDIT: Kom ik later vandaag op terug. Negeer de invoegde afbeelding (weet zo eentweedrie niet hoe die te verwijderen) dat probleem is nu opgelost. PC Helpforum moderator bericht: Afbeelding verwijderd

Zoek.exe Version 4.0.0.4 Updated 07-August-2013 Tool run by Joyce on wo 07-08-2013 at 23:04:50,63. Microsoft® Windows Vista™ Home Premium 6.0.6001 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Joyce\Desktop\zoek.exe [script inserted] [Checkboxes used] ==== System Restore Info ====================== 7-8-2013 23:07:25 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3579385244-515018979-1951838040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "bProtectTabs"=- ==== Deleting Files \ Folders ====================== "C:\Users\Joyce\AppData\Local\newhb.crx" deleted "C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted "C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted "C:\Windows\system32\Tasks\EPUpdater" deleted "C:\END" deleted "C:\Users\Joyce\AppData\Roaming\Cilyw\lebi.okl" deleted "C:\Users\Joyce\AppData\Roaming\Piunt\ohim.kee" deleted "C:\Users\Joyce\AppData\Roaming\Cilyw" deleted "C:\Users\Joyce\AppData\Roaming\Piunt" deleted "C:\Users\Joyce\AppData\Roaming\Qyyqyt" deleted "C:\Program Files\Delta" deleted "C:\Program Files\WebCake" deleted "C:\Users\Joyce\AppData\Roaming\BabSolution" deleted "C:\Users\Joyce\AppData\Roaming\Babylon" deleted "C:\Users\Joyce\AppData\Roaming\Delta" deleted "C:\Users\Joyce\AppData\Roaming\DSite" deleted "C:\ProgramData\BrowserDefender" deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Babylon" deleted "C:\Users\Joyce\AppData\LocalLow\boost_interprocess" deleted "C:\Users\Joyce\AppData\LocalLow\Delta" deleted "C:\Windows\System32\searchplugins" deleted "C:\Windows\System32\Extensions" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Joyce\AppData\Local\Temp ==== 2013-08-07 18:42:20 B2994EC6452DBD04E57828EEFEDFB93C 204800 ----a-w- C:\Users\Joyce\AppData\Local\Temp\RtkBtMnt.exe 2013-08-07 16:06:46 2F8F1D62382AD78ACEB22C4E22C5EC59 53248 ----a-w- C:\Users\Joyce\AppData\Local\Temp\catchme.dll ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-08-06 14:04:25 -------- d-----w- C:\Program Files\Trend Micro ======= C: ===== ====== C:\Users\Joyce\AppData\Roaming ====== 2013-08-07 16:09:40 -------- d-----w- C:\users\Public\AppData\Local\temp 2013-08-07 16:09:40 -------- d-----w- C:\users\Default\AppData\Local\temp 2013-08-07 16:09:40 -------- d-----w- C:\users\Default User\AppData\Local\temp 2013-08-07 14:22:02 -------- d-----w- C:\users\Joyce\AppData\Local\temp 2013-07-29 06:37:04 448D9152C0A9E4FA88F195E0907512FF 72 ----a-w- C:\users\Joyce\AppData\Roaming\WB.CFG ====== C:\Users\Joyce ====== 2013-08-07 14:22:02 -------- d-----w- C:\Users\Public\AppData 2013-08-06 12:02:02 580095795C1A2C182AD8D8A6D3C76323 31744 ----a-w- C:\Users\Joyce\StudiereisMallorcaHI001 - kopie (1).doc 2013-08-06 12:02:02 44E0FA9EF6FE41060E455422263FCABB 27136 ----a-w- C:\Users\Joyce\StudiereisMallorcaHI0203 - kopie (1).doc 2013-08-06 12:02:02 -------- d-----w- C:\Users\Joyce\Windesheim 2 - kopie (1) 2013-08-06 12:02:02 -------- d-----w- C:\Users\Joyce\.jordan - kopie (1) 2013-08-06 12:02:01 44345E4454A819614EADBF16831D40A4 113664 ----a-w- C:\Users\Joyce\2010-11-11 Volleybal comp - kopie (1).doc 2013-08-06 12:02:01 -------- d-----w- C:\Users\Joyce\Lukas - kopie (1) 2013-07-23 20:43:34 70882CDE49DC79AC842C8A614EEA9D1D 260974 ----a-w- C:\Users\Joyce\TVBPQMCI17IICI-013.pdf 2013-07-15 13:39:30 8DE9F588DFB1641F2C0EA05BD4B60605 218 ----a-w- C:\Users\Joyce\.recently-used.xbel ====== C: exe-files == 2013-08-07 18:42:20 B2994EC6452DBD04E57828EEFEDFB93C 204800 ----a-w- C:\Users\Joyce\AppData\Local\temp\RtkBtMnt.exe 2013-08-01 00:24:50 EB43F540338470C8FE4AAE8378780CAA 784224 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\28.0.1500.95\28.0.1500.95_28.0.1500.72_chrome_updater.exe === C: other files == 2013-08-07 15:26:10 D3639F211ED3D889F6DD12BEA15154A3 198990 ----a-w- C:\ProgramData\AVG10\IDS\quarantine\984dc5ea-ffff-ffff-8000-000000000000.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3579385244-515018979-1951838040-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Workrave"="C:\Program Files\Workrave\lib\workrave.exe" "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Facebook Update"="C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe" "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" "Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "LManager"="C:\Program Files\Launch Manager\LManager.exe" "BackupManagerTray"="C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -k" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "EgisTecLiveUpdate"="C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" "ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin" "AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "vProt"="C:\Program Files\AVG Secure Search\vprot.exe" "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll"="C:\Windows\system32\rundll32.exe C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll,DllRegisterServer" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Workrave"="C:\Program Files\Workrave\lib\workrave.exe" "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Facebook Update"="C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mwlDaemon" "hkey"="HKLM" "command"="C:\\Program Files\\EgisTec\\MyWinLocker 3\\x86\\mwlDaemon.exe" ==== Startup Folders ====================== 2009-10-07 07:44:52 230 ---h--w- C:\users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackupManager.list 2010-02-14 16:17:48 1154 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-06-2013 13:48] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3579385244-515018979-1951838040-1000Core.job --a------ C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe [28-03-2013 20:28] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3579385244-515018979-1951838040-1000UA.job --a------ C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe [28-03-2013 20:28] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28-08-2012 12:49] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28-08-2012 12:49] C:\Windows\tasks\User_Feed_Synchronization-{9987F0E4-5C0B-4DDD-A19F-21996E709B33}.job --ah----- C:\Windows\system32\msfeedssync.exe [28-05-2011 06:32] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Joyce\AppData\Roaming\BabSolution\CR\Delta.crx[] fjoijdanhaiflhibkljeklcghcmmfffh - C:\Program Files\WebCake\WebCakeLayers.crx[] jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx[09-09-2011 03:11] kcendgajlhoaiiccpijilcpmgphfflnj - C:\Users\Joyce\AppData\Local\newhb.crx[] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx[30-07-2013 03:19] nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[26-10-2011 13:10] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions kcendgajlhoaiiccpijilcpmgphfflnj - C:\Users\Joyce\AppData\Local\newhb.crx[] Google Docs - Joyce - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Joyce - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Joyce - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Joyce - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Delta Toolbar - Joyce - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Pinterest - Joyce - Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic AVG Safe Search - Joyce - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla AVG Secure Search - Joyce - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof DivX Plus Web Player HTML5 \u003Cvideo\u003E - Joyce - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm Gmail - Joyce - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kcendgajlhoaiiccpijilcpmgphfflnj_0.localstorage deleted successfully C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kcendgajlhoaiiccpijilcpmgphfflnj_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1009&m=aspire_7535" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.delta-search.com/?babsrc=NT_ss&mntrId=F65E00265E494865&affID=119357&tsp=4923" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={821A5796-4341-4533-93EF-AF48E26DC32D}&mid=36f2b11be6e7aa06a8ea91d1b9031b39-52d024fde175d9a8363854e84b8748c19c8fad09〈=nl&ds=AVG&pr=fr&d=2011-12-13" {D0EC2C12-186B-46C5-8E78-412C95B0691D} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_nlNL348" ==== Reset Google Chrome ====================== C:\users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully ==== Empty IE Cache ====================== C:\Users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Joyce\AppData\Local\Temp successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on wo 07-08-2013 at 23:23:40,47 ======================

ComboFix 13-08-07.01 - Joyce 07-08-2013 17:55:34.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2814.1663 [GMT 2:00] Gestart vanuit: c:\users\Joyce\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Joyce\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Voorgaande Run ------- . c:\users\Joyce\AppData\Roaming\WebCake c:\users\Joyce\AppData\Roaming\WebCake\dat\Desktop.OS.dll c:\users\Joyce\AppData\Roaming\WebCake\dat\Dora.dat c:\users\Joyce\AppData\Roaming\WebCake\dat\Maintain.dat c:\users\Joyce\AppData\Roaming\WebCake\dat\Paladin.dat c:\users\Joyce\AppData\Roaming\WebCake\dat\Phoenix.dat c:\users\Joyce\AppData\Roaming\WebCake\PlugIns.cache c:\users\Joyce\AppData\Roaming\WebCake\WebCakeDesktop.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2013-07-07 to 2013-08-07 )))))))))))))))))))))))))))))) . . 2013-08-07 16:06 . 2013-08-07 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-07 14:22 . 2013-08-07 16:06 -------- d-----w- c:\users\Joyce\AppData\Local\temp 2013-08-06 14:04 . 2013-08-06 14:04 388096 ----a-r- c:\users\Joyce\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-08-06 14:04 . 2013-08-06 14:04 -------- d-----w- c:\program files\Trend Micro 2013-08-06 12:02 . 2013-08-06 12:02 -------- d-----w- c:\users\Joyce\Windesheim 2 - kopie (1) 2013-08-06 12:02 . 2013-08-06 12:02 -------- d-----w- c:\users\Joyce\.jordan - kopie (1) 2013-08-06 12:02 . 2013-08-06 12:02 -------- d-----w- c:\users\Joyce\Lukas - kopie (1) 2013-07-31 01:01 . 2013-07-31 01:08 -------- d-----w- c:\windows\system32\MRT 2013-07-13 10:11 . 2013-07-13 10:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-30 01:19 . 2012-11-09 15:00 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-07-13 10:11 . 2012-08-11 08:03 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-07-13 10:11 . 2010-05-03 15:39 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-14 08:44 . 2011-08-29 14:21 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2013-06-12 11:48 . 2012-04-15 09:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 11:48 . 2011-06-15 09:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Workrave"="c:\program files\Workrave\lib\workrave.exe" [2009-10-25 3661312] "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-26 526992] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408] "Facebook Update"="c:\users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-28 138096] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-06-27 2236080] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ BackupManager.list [2009-10-7 230] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-14 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon] 2009-05-14 21:03 345384 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-01 00:25 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:48] . 2013-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3579385244-515018979-1951838040-1000Core.job - c:\users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 18:28] . 2013-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3579385244-515018979-1951838040-1000UA.job - c:\users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 18:28] . 2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 10:49] . 2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 10:49] . 2013-08-07 c:\windows\Tasks\User_Feed_Synchronization-{9987F0E4-5C0B-4DDD-A19F-21996E709B33}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1009&m=aspire_7535 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-08-07 18:06 Windows 6.0.6001 Service Pack 1 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Voltooingstijd: 2013-08-07 18:09:38 ComboFix-quarantined-files.txt 2013-08-07 16:09 ComboFix2.txt 2013-08-07 14:21 . Pre-Run: 109.249.654.784 bytes beschikbaar Post-Run: 109.216.694.272 bytes beschikbaar . - - End Of File - - B840BE4B073D221EE9A8EFC7DFAC8481 BEEDF9B7F43A72A91456F7131AFC11B2 - - - Updated - - - Trouwens, de icoontjes op mijn bureaublad zijn in tussentijd soort van doorzichtig geworden... Ik zie alleen de namen van de bestanden nog, maar niet de afbeeldingen. Combofix liep de eerste poging overigens vast. Bij de tweede keer kon ik niet meer bij de AVG om te uitschakeling te verlengen

ComboFix 13-08-07.01 - Joyce 07-08-2013 15:47:42.1.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2814.1598 [GMT 2:00] Gestart vanuit: c:\users\Joyce\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\SecureW2 c:\program files\SecureW2\SecureW2 TTLS Client\Uninstall.exe c:\programdata\7E8960F6D1.sys c:\users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\BackupManager.list c:\users\Joyce\AppData\Roaming\.# c:\users\Joyce\Favorites\BackupManager.list c:\windows\IsUn0413.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BrowserDefendert . . (((((((((((((((((((( Bestanden Gemaakt van 2013-07-07 to 2013-08-07 )))))))))))))))))))))))))))))) . . 2013-08-07 14:03 . 2013-08-07 14:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-06 14:04 . 2013-08-06 14:04 388096 ----a-r- c:\users\Joyce\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-08-06 14:04 . 2013-08-06 14:04 -------- d-----w- c:\program files\Trend Micro 2013-08-06 12:02 . 2013-08-06 12:02 -------- d-----w- c:\users\Joyce\Windesheim 2 - kopie (1) 2013-08-06 12:02 . 2013-08-06 12:02 -------- d-----w- c:\users\Joyce\.jordan - kopie (1) 2013-08-06 12:02 . 2013-08-06 12:02 -------- d-----w- c:\users\Joyce\Lukas - kopie (1) 2013-07-31 01:01 . 2013-07-31 01:08 -------- d-----w- c:\windows\system32\MRT 2013-07-13 10:11 . 2013-07-13 10:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-30 01:19 . 2012-11-09 15:00 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-07-13 10:11 . 2012-08-11 08:03 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-07-13 10:11 . 2010-05-03 15:39 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-14 08:44 . 2011-08-29 14:21 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2013-06-12 11:48 . 2012-04-15 09:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 11:48 . 2011-06-15 09:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-07-30 01:19 3086512 ----a-w- c:\program files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll" [2013-07-30 3086512] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Workrave"="c:\program files\Workrave\lib\workrave.exe" [2009-10-25 3661312] "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-26 526992] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408] "Facebook Update"="c:\users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-28 138096] "WebCake Desktop"="c:\users\Joyce\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-06-27 2236080] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ BackupManager.list [2009-10-7 230] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-14 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\BROWSE~1\261519~1.190\{C16C1~1\BrowserDefender.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon] 2009-05-14 21:03 345384 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-01 00:25 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:48] . 2013-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3579385244-515018979-1951838040-1000Core.job - c:\users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 18:28] . 2013-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3579385244-515018979-1951838040-1000UA.job - c:\users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 18:28] . 2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 10:49] . 2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 10:49] . 2013-08-07 c:\windows\Tasks\User_Feed_Synchronization-{9987F0E4-5C0B-4DDD-A19F-21996E709B33}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1009&m=aspire_7535 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-MFARestart - c:\programdata\MFAData\pack\avgrunasx.exe HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0413.EXE AddRemove-SecureW2 TTLS Client - c:\program files\SecureW2\SecureW2 TTLS Client\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-08-07 16:12 Windows 6.0.6001 Service Pack 1 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(2576) c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\AVG\AVG10\avgchsvx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\agrsmsvc.exe c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe c:\program files\Acer\Acer ePower Management\ePowerSvc.exe c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe c:\program files\AVG\AVG10\avgnsx.exe c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe c:\program files\Spybot - Search & Destroy\SDWinSec.exe c:\windows\system32\conime.exe c:\progra~1\AVG\AVG10\avgrsx.exe c:\program files\AVG\AVG10\avgcsrvx.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2013-08-07 16:21:57 - machine werd herstart ComboFix-quarantined-files.txt 2013-08-07 14:21 . Pre-Run: 105.824.841.728 bytes beschikbaar Post-Run: 108.967.325.696 bytes beschikbaar . - - End Of File - - 34BF8660C6F35E9481625ADDF737F023 BEEDF9B7F43A72A91456F7131AFC11B2

Nevermind. Het het gevonden bij extra's.

De optie om mijn AVG uit te schakelen, zoals aangegeven in het bijgaande voorbeeld, krijg ik niet, die zit niet (meer?) onder de rechtermuisknuip. Wel komen er soort van pop-ups als ik de gebruikersinterface probeer te openen. Zal ik ComboFix runnen met werkende AVG?

Hij runt de scan, maar geeft daarna aan dat hij, voor het logje, het bestand niet kan vinden, en vraagt of ik een nieuwe wil maken. Kladblok opent wel, maar er gebeurt niets. - - - Updated - - - Ik trof overigens een ex.bel bestand aan? iemand hier bekend mee? En dit plaatje verschijnt wel eens in beeld. Had ik ook nooit eerder gezien.

Hallo allemaal, hoewel mijn AVG-virusscanner niets meldt lijkt mijn laptop een virus te hebben. Soms, en dat gebeurt als ik even van de laptop weg ben, wordt er in Google Chrome een nieuw tabblad geopend. Daar staat dat er iets mis is met mijn computer, dat ik moet laten repareren of iets dergelijks. Dat zijn altijd berichten van een website genaamd m.bingoodthingshappen. En als ik mijn browser sluit krijg ik standaard dit venster in beeld, zie afbeelding. En zoals het bericht zegt lijkt het iets met mijn startpagina te maken te hebben. Iemand een idee hoe ik dit kan oplossen?

Er zit een Ukash-virus op mijn laptop. Gisteren kwam die in beeld en ging niet meer weg. Zogenaamd van de politie. Of ik geld wilde storten omdat ik mij zogenaamd schuldig maakte aan allerlei duistere praktijken. Ik heb een aantal keer opnieuw opgestart, maar het mocht niet baten. Vandaag werkte alles echter weer.... Toch wil ik het zekere voor het onzekere nemen. Dus ik heb HitmanPro (op een andere laptop) op USB-stick geïnstalleerd. Die plug ik in de gegijzelde laptop. Dan zet ik hem aan. Ik wil dat die via de USB-stick opstart, maar hoe doe ik dat? Vooralsnog werken esc, del, f2, f8, f9, f10, f11 en f12 niet om in het menu te komen waar ik de keuze kan maken om de laptop via usb op te starten (of ik moet gruwelijk over de optie heen kijken). Ik heb een HP met Windows 7. Iemand enig idee?

Super! Hartstikke bedankt Kape voor alle tijd en moeite.

Zo dan! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:06:29, on 31-8-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Safe mode Running processes: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.line6.net O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Tracks Eraser Service (tepsrv) - Acesoft - C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11281 bytes

Hier is het logje. Hopelijk het laatste. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:16:34, on 31-8-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Safe mode Running processes: C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.line6.net O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O20 - AppInit_DLLs: c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Tracks Eraser Service (tepsrv) - Acesoft - C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11838 bytes

Met andere woorden, ik hoef niet meer Hijack, ComboFix, Malware, CCleaner of iets anders toe te passen?