safra

ow,correctie,er zijn toch dezelfde pop ups :-/

ik heb nu opnieuw opgestart en er zijn geen pop ups.maar nu heb ik wel terug het probleem op google ,nl dat ik niets kan opzoeken daar.Telkens ik een zoekopdracht wil geven,dan blijft die gewoon op google beginscherm staan en zoekt niets op :-/

Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.org

Databaseversie: v2012.08.30.03

Windows 7 x86 NTFS (Veilige modus/netwerkmogelijkheden)

Internet Explorer 9.0.8112.16421

Iwan :: IWAN-PC [administrator]

30/08/2012 15:45:40

mbam-log-2012-08-30 (15-45-40).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 186515

Verstreken tijd: 52 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

het zegt dat malwarebytes geen dingen heeft gevonden.ik ga nu opnieuw opstarten

dit is het logbestand van combofix

ComboFix 12-08-29.03 - Iwan 30/08/2012 14:15:33.3.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.3583.2472 [GMT 2:00]

Gestart vanuit: c:\users\Iwan\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

d:\temp\catchme.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RKHIT

-------\Service_RkHit

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-28 to 2012-08-30 ))))))))))))))))))))))))))))))

.

.

2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Iwan\AppData\Local\temp

2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-30 10:51 . 2012-08-30 10:51 388096 ----a-r- c:\users\Iwan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-30 10:51 . 2012-08-30 10:51 -------- d-----w- c:\program files\Trend Micro

2012-08-29 13:08 . 2012-08-29 13:27 -------- d-----w- c:\programdata\Panda Security

2012-08-29 12:09 . 2012-08-29 12:09 -------- d-----w- c:\users\Iwan\AppData\Roaming\SUPERAntiSpyware.com

2012-08-29 12:08 . 2012-08-29 12:11 -------- d-----w- c:\programdata\SUPERSetup

2012-08-28 18:11 . 2012-08-28 18:11 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-28 18:11 . 2012-08-30 12:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-08-28 18:10 . 2012-08-28 18:10 -------- d-----w- C:\$AVG

2012-08-28 18:09 . 2012-08-28 18:09 -------- d-----w- c:\users\Iwan\AppData\Roaming\AVG2012

2012-08-28 18:09 . 2012-08-28 18:20 -------- d-----w- c:\programdata\AVG2012

2012-08-28 18:04 . 2012-08-28 18:05 -------- d-----w- c:\users\Iwan\AppData\Roaming\Ad-Aware Antivirus

2012-08-28 17:26 . 2012-08-28 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-08-28 15:52 . 2012-08-28 16:02 -------- d-----w- c:\users\Iwan\AppData\Roaming\AnySend

2012-08-28 15:52 . 2012-08-28 16:38 -------- d-----w- c:\programdata\AnySend

2012-08-28 14:51 . 2012-08-29 13:22 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-28 14:51 . 2012-08-28 14:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-08-28 14:45 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2ADC9D98-7C8B-441D-A30C-9F7112C8A156}\mpengine.dll

2012-08-28 14:24 . 2012-08-28 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Local\Yahoo!

2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Local\NanoService

2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\programdata\Yahoo!

2012-08-28 13:24 . 2012-08-28 13:35 -------- d-----w- c:\program files\Yahoo!

2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\programdata\Yahoo! Companion

2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Roaming\Yahoo!

2012-08-28 13:24 . 2012-08-28 13:25 -------- d--h--w- c:\windows\msdownld.tmp

2012-08-20 11:37 . 2012-08-28 14:40 -------- d-----w- c:\program files\Spawn

2012-08-20 11:36 . 2012-08-20 11:38 2829 ----a-w- c:\windows\DiabUnin.pif

2012-08-20 11:36 . 2012-08-20 11:38 118784 ----a-w- c:\windows\DiabUnin.exe

2012-08-20 11:36 . 2012-08-28 14:40 -------- d-----w- c:\program files\Diablo

2012-08-15 08:58 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 08:58 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 08:58 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 08:58 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 08:58 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 08:58 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-15 08:58 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll

2012-08-08 12:07 . 2012-08-08 12:07 -------- d-----w- c:\program files\2K Games

2012-08-08 12:07 . 2012-08-08 12:07 -------- d-----w- c:\users\Iwan\AppData\Roaming\InstallShield

2012-08-08 11:21 . 2008-05-30 12:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll

2012-08-08 11:21 . 2008-05-30 12:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll

2012-08-08 11:21 . 2008-05-30 12:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll

2012-08-08 11:20 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll

2012-08-08 11:20 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll

2012-08-08 08:50 . 2012-08-08 08:50 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys

2012-08-08 08:50 . 2012-08-08 08:50 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2012-08-04 09:43 . 2012-08-04 09:43 21840 ----a-w- c:\windows\system32\SIntfNT.dll

2012-08-04 09:43 . 2012-08-04 09:43 17212 ----a-w- c:\windows\system32\SIntf32.dll

2012-08-04 09:43 . 2012-08-04 09:43 12067 ----a-w- c:\windows\system32\SIntf16.dll

2012-08-04 09:31 . 2012-08-04 09:31 2829 ----a-w- c:\windows\DIIUnin.pif

2012-08-04 09:31 . 2012-08-04 09:31 94208 ----a-w- c:\windows\DIIUnin.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-30 12:21 . 2011-01-04 20:59 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

2012-08-30 11:02 . 2012-05-08 10:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-30 11:02 . 2011-12-16 17:01 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 11:46 . 2011-12-23 09:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-07 12:31 . 2011-12-21 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-07 12:31 . 2011-12-21 18:14 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-06-06 05:09 . 2012-07-11 09:43 1389568 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:09 . 2012-07-11 09:42 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-02 22:19 . 2012-06-21 09:42 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 09:42 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 09:42 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 09:42 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 09:42 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 09:42 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 09:42 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-21 09:41 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-21 09:41 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:51 . 2012-07-11 09:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:51 . 2012-07-11 09:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:50 . 2012-07-11 09:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:48 . 2012-07-11 09:43 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:47 . 2012-07-11 09:43 219136 ----a-w- c:\windows\system32\ncrypt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-07 296056]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMSVC;Web Management-service;c:\windows\system32\inetsrv\wmsvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 ftpsvc;Microsoft FTP-service;c:\windows\system32\svchost.exe [x]

S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

ftpsvc REG_MULTI_SZ ftpsvc

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 11:02]

.

2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 14:51]

.

2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 14:51]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 195.130.131.132 195.130.130.4

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe

HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:7f,b1,5a,14,e2,b3,bc,42,67,fa,b9,d8,52,99,10,07,cd,05,fe,8a,4d,41,f8,

ab,36,ab,90,71,3d,3e,f7,45,f8,89,6d,9d,9d,f4,ff,c2,7d,d4,17,7a,c8,c8,d1,9a,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

.

[HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:68,27,fb,e6,82,81,29,bc,84,bf,d9,9e,c4,c9,db,74,69,65,de,bd,49,

80,8e,e7,02,39,83,70,14,53,df,9c,39,01,2d,4a,5f,9d,94,86,83,35,8a,4d,01,8d,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\CISVC.EXE

c:\windows\system32\inetsrv\inetinfo.exe

c:\windows\system32\mqsvc.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\windows\system32\taskhost.exe

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2012-08-30 14:24:38 - machine werd herstart

ComboFix-quarantined-files.txt 2012-08-30 12:24

ComboFix2.txt 2012-08-28 15:46

ComboFix3.txt 2012-08-28 12:15

ComboFix4.txt 2012-05-30 13:20

.

Pre-Run: 57.473.355.776 bytes beschikbaar

Post-Run: 56.945.963.008 bytes beschikbaar

.

- - End Of File - - 8F79539D22E11977DF8BBC598B4E984C

alvast bedankt voor de snelle response.zover ben ik al

# AdwCleaner v1.801 - Logfile created 08/30/2012 at 14:06:36

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Iwan - IWAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Iwan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29XJ20A2\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\AVG Secure Search

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=5570d1450e5547d68168f1867654d3ed-a43e9aa1dd56f8388499278e4a783a82cf58a0e3〈=nl&ds=AVG&pr=pr&d=2012-08-28 20:11:24&v=12.2.0.5&sap=hp --> hxxp://www.google.com

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Iwan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "icon_url": "hxxps://isearch.avg.com/favicon.ico",

Deleted : "keyword": "isearch.avg.com",

Deleted : "name": "AVG Secure Search",

Deleted : "search_url": "hxxps://isearch.avg.com/search?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=&[...]

Deleted : "description": "AVG Secure Search",

Deleted : "name": "AVG Secure Search",

*************************

AdwCleaner[s1].txt - [886 octets] - [30/08/2012 14:03:10]

AdwCleaner[s2].txt - [5674 octets] - [30/08/2012 14:06:36]

########## EOF - C:\AdwCleaner[s2].txt - [5802 octets] ##########

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:53:17, on 30/08/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=5570d1450e5547d68168f1867654d3ed-a43e9aa1dd56f8388499278e4a783a82cf58a0e3〈=nl&ds=AVG&pr=pr&d=2012-08-28 20:11:24&v=12.2.0.5&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: vToolbarUpdater12.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe

--

End of file - 7320 bytes

De problemen zijn eigenlijk begonnen met het politievirus.

Dit hebben we kunnen oplossen maar achteraf was het niet meer mogelijk om iets op te zoeken via google.

Dit is ondertussen opgelost maar er blijven pop-ups verschijnen.

Al verschillende virusscanners geprobeerd en programma's om spyware te verwijderen maar niets helpt.

Ze hebben ons al de raad gegeven om de boel te formatteren en windows opnieuw te installeren maar moet het nu zo drastisch?

Alvast bedankt voor de hulp en tips.