safra
-
Items
7 -
Registratiedatum
-
Laatst bezocht
safra's prestaties
-
ow,correctie,er zijn toch dezelfde pop ups :-/
-
ik heb nu opnieuw opgestart en er zijn geen pop ups.maar nu heb ik wel terug het probleem op google ,nl dat ik niets kan opzoeken daar.Telkens ik een zoekopdracht wil geven,dan blijft die gewoon op google beginscherm staan en zoekt niets op :-/
-
Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.org Databaseversie: v2012.08.30.03 Windows 7 x86 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 9.0.8112.16421 Iwan :: IWAN-PC [administrator] 30/08/2012 15:45:40 mbam-log-2012-08-30 (15-45-40).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 186515 Verstreken tijd: 52 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) het zegt dat malwarebytes geen dingen heeft gevonden.ik ga nu opnieuw opstarten
-
dit is het logbestand van combofix ComboFix 12-08-29.03 - Iwan 30/08/2012 14:15:33.3.4 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.3583.2472 [GMT 2:00] Gestart vanuit: c:\users\Iwan\Desktop\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . d:\temp\catchme.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_RKHIT -------\Service_RkHit . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))) . . 2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Iwan\AppData\Local\temp 2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-30 10:51 . 2012-08-30 10:51 388096 ----a-r- c:\users\Iwan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-30 10:51 . 2012-08-30 10:51 -------- d-----w- c:\program files\Trend Micro 2012-08-29 13:08 . 2012-08-29 13:27 -------- d-----w- c:\programdata\Panda Security 2012-08-29 12:09 . 2012-08-29 12:09 -------- d-----w- c:\users\Iwan\AppData\Roaming\SUPERAntiSpyware.com 2012-08-29 12:08 . 2012-08-29 12:11 -------- d-----w- c:\programdata\SUPERSetup 2012-08-28 18:11 . 2012-08-28 18:11 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-28 18:11 . 2012-08-30 12:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-08-28 18:10 . 2012-08-28 18:10 -------- d-----w- C:\$AVG 2012-08-28 18:09 . 2012-08-28 18:09 -------- d-----w- c:\users\Iwan\AppData\Roaming\AVG2012 2012-08-28 18:09 . 2012-08-28 18:20 -------- d-----w- c:\programdata\AVG2012 2012-08-28 18:04 . 2012-08-28 18:05 -------- d-----w- c:\users\Iwan\AppData\Roaming\Ad-Aware Antivirus 2012-08-28 17:26 . 2012-08-28 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-08-28 15:52 . 2012-08-28 16:02 -------- d-----w- c:\users\Iwan\AppData\Roaming\AnySend 2012-08-28 15:52 . 2012-08-28 16:38 -------- d-----w- c:\programdata\AnySend 2012-08-28 14:51 . 2012-08-29 13:22 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-28 14:51 . 2012-08-28 14:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-08-28 14:45 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2ADC9D98-7C8B-441D-A30C-9F7112C8A156}\mpengine.dll 2012-08-28 14:24 . 2012-08-28 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Local\Yahoo! 2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Local\NanoService 2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\programdata\Yahoo! 2012-08-28 13:24 . 2012-08-28 13:35 -------- d-----w- c:\program files\Yahoo! 2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\programdata\Yahoo! Companion 2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Roaming\Yahoo! 2012-08-28 13:24 . 2012-08-28 13:25 -------- d--h--w- c:\windows\msdownld.tmp 2012-08-20 11:37 . 2012-08-28 14:40 -------- d-----w- c:\program files\Spawn 2012-08-20 11:36 . 2012-08-20 11:38 2829 ----a-w- c:\windows\DiabUnin.pif 2012-08-20 11:36 . 2012-08-20 11:38 118784 ----a-w- c:\windows\DiabUnin.exe 2012-08-20 11:36 . 2012-08-28 14:40 -------- d-----w- c:\program files\Diablo 2012-08-15 08:58 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 08:58 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 08:58 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 08:58 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 08:58 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 08:58 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll 2012-08-15 08:58 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll 2012-08-08 12:07 . 2012-08-08 12:07 -------- d-----w- c:\program files\2K Games 2012-08-08 12:07 . 2012-08-08 12:07 -------- d-----w- c:\users\Iwan\AppData\Roaming\InstallShield 2012-08-08 11:21 . 2008-05-30 12:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll 2012-08-08 11:21 . 2008-05-30 12:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll 2012-08-08 11:21 . 2008-05-30 12:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll 2012-08-08 11:20 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll 2012-08-08 11:20 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll 2012-08-08 08:50 . 2012-08-08 08:50 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys 2012-08-08 08:50 . 2012-08-08 08:50 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2012-08-04 09:43 . 2012-08-04 09:43 21840 ----a-w- c:\windows\system32\SIntfNT.dll 2012-08-04 09:43 . 2012-08-04 09:43 17212 ----a-w- c:\windows\system32\SIntf32.dll 2012-08-04 09:43 . 2012-08-04 09:43 12067 ----a-w- c:\windows\system32\SIntf16.dll 2012-08-04 09:31 . 2012-08-04 09:31 2829 ----a-w- c:\windows\DIIUnin.pif 2012-08-04 09:31 . 2012-08-04 09:31 94208 ----a-w- c:\windows\DIIUnin.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-30 12:21 . 2011-01-04 20:59 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2012-08-30 11:02 . 2012-05-08 10:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-30 11:02 . 2011-12-16 17:01 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-03 11:46 . 2011-12-23 09:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-07 12:31 . 2011-12-21 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-06-07 12:31 . 2011-12-21 18:14 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-06-06 05:09 . 2012-07-11 09:43 1389568 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:09 . 2012-07-11 09:42 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-02 22:19 . 2012-06-21 09:42 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 09:42 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 09:42 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 09:42 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 09:42 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 09:42 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 09:42 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 09:41 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-21 09:41 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 04:51 . 2012-07-11 09:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:51 . 2012-07-11 09:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:50 . 2012-07-11 09:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:48 . 2012-07-11 09:43 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:47 . 2012-07-11 09:43 219136 ----a-w- c:\windows\system32\ncrypt.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-07 296056] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMSVC;Web Management-service;c:\windows\system32\inetsrv\wmsvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x] S2 ftpsvc;Microsoft FTP-service;c:\windows\system32\svchost.exe [x] S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] ftpsvc REG_MULTI_SZ ftpsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhoud van de 'Gedeelde Taken' map . 2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 11:02] . 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 14:51] . 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 14:51] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 195.130.131.132 195.130.130.4 . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:7f,b1,5a,14,e2,b3,bc,42,67,fa,b9,d8,52,99,10,07,cd,05,fe,8a,4d,41,f8, ab,36,ab,90,71,3d,3e,f7,45,f8,89,6d,9d,9d,f4,ff,c2,7d,d4,17,7a,c8,c8,d1,9a,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 . [HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:68,27,fb,e6,82,81,29,bc,84,bf,d9,9e,c4,c9,db,74,69,65,de,bd,49, 80,8e,e7,02,39,83,70,14,53,df,9c,39,01,2d,4a,5f,9d,94,86,83,35,8a,4d,01,8d,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\CISVC.EXE c:\windows\system32\inetsrv\inetinfo.exe c:\windows\system32\mqsvc.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe c:\windows\system32\taskhost.exe c:\windows\System32\tcpsvcs.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\windows\system32\mqtgsvc.exe c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\taskhost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Voltooingstijd: 2012-08-30 14:24:38 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-30 12:24 ComboFix2.txt 2012-08-28 15:46 ComboFix3.txt 2012-08-28 12:15 ComboFix4.txt 2012-05-30 13:20 . Pre-Run: 57.473.355.776 bytes beschikbaar Post-Run: 56.945.963.008 bytes beschikbaar . - - End Of File - - 8F79539D22E11977DF8BBC598B4E984C
-
alvast bedankt voor de snelle response.zover ben ik al # AdwCleaner v1.801 - Logfile created 08/30/2012 at 14:06:36 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Ultimate (32 bits) # User : Iwan - IWAN-PC # Boot Mode : Normal # Running from : C:\Users\Iwan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29XJ20A2\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\AVG Secure Search Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\user.js ***** [Registry] ***** Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=5570d1450e5547d68168f1867654d3ed-a43e9aa1dd56f8388499278e4a783a82cf58a0e3〈=nl&ds=AVG&pr=pr&d=2012-08-28 20:11:24&v=12.2.0.5&sap=hp --> hxxp://www.google.com -\\ Google Chrome v21.0.1180.83 File : C:\Users\Iwan\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "icon_url": "hxxps://isearch.avg.com/favicon.ico", Deleted : "keyword": "isearch.avg.com", Deleted : "name": "AVG Secure Search", Deleted : "search_url": "hxxps://isearch.avg.com/search?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=&[...] Deleted : "description": "AVG Secure Search", Deleted : "name": "AVG Secure Search", ************************* AdwCleaner[s1].txt - [886 octets] - [30/08/2012 14:03:10] AdwCleaner[s2].txt - [5674 octets] - [30/08/2012 14:06:36] ########## EOF - C:\AdwCleaner[s2].txt - [5802 octets] ##########
-
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:53:17, on 30/08/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wuauclt.exe C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\RunDll32.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=5570d1450e5547d68168f1867654d3ed-a43e9aa1dd56f8388499278e4a783a82cf58a0e3〈=nl&ds=AVG&pr=pr&d=2012-08-28 20:11:24&v=12.2.0.5&sap=hp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: vToolbarUpdater12.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- End of file - 7320 bytes
-
De problemen zijn eigenlijk begonnen met het politievirus. Dit hebben we kunnen oplossen maar achteraf was het niet meer mogelijk om iets op te zoeken via google. Dit is ondertussen opgelost maar er blijven pop-ups verschijnen. Al verschillende virusscanners geprobeerd en programma's om spyware te verwijderen maar niets helpt. Ze hebben ons al de raad gegeven om de boel te formatteren en windows opnieuw te installeren maar moet het nu zo drastisch? Alvast bedankt voor de hulp en tips.
