![](https://www.pc-helpforum.be/uploads/set_resources_28/84c1e40ea0e759e3f1505eb1788ddf3c_pattern.png)
safra
-
Items
7 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door safra
-
-
ik heb nu opnieuw opgestart en er zijn geen pop ups.maar nu heb ik wel terug het probleem op google ,nl dat ik niets kan opzoeken daar.Telkens ik een zoekopdracht wil geven,dan blijft die gewoon op google beginscherm staan en zoekt niets op :-/
-
Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.org
Databaseversie: v2012.08.30.03
Windows 7 x86 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 9.0.8112.16421
Iwan :: IWAN-PC [administrator]
30/08/2012 15:45:40
mbam-log-2012-08-30 (15-45-40).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 186515
Verstreken tijd: 52 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
het zegt dat malwarebytes geen dingen heeft gevonden.ik ga nu opnieuw opstarten
-
dit is het logbestand van combofix
ComboFix 12-08-29.03 - Iwan 30/08/2012 14:15:33.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.3583.2472 [GMT 2:00]
Gestart vanuit: c:\users\Iwan\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\temp\catchme.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-28 to 2012-08-30 ))))))))))))))))))))))))))))))
.
.
2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Iwan\AppData\Local\temp
2012-08-30 12:20 . 2012-08-30 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-30 10:51 . 2012-08-30 10:51 388096 ----a-r- c:\users\Iwan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-30 10:51 . 2012-08-30 10:51 -------- d-----w- c:\program files\Trend Micro
2012-08-29 13:08 . 2012-08-29 13:27 -------- d-----w- c:\programdata\Panda Security
2012-08-29 12:09 . 2012-08-29 12:09 -------- d-----w- c:\users\Iwan\AppData\Roaming\SUPERAntiSpyware.com
2012-08-29 12:08 . 2012-08-29 12:11 -------- d-----w- c:\programdata\SUPERSetup
2012-08-28 18:11 . 2012-08-28 18:11 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 18:11 . 2012-08-30 12:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-28 18:10 . 2012-08-28 18:10 -------- d-----w- C:\$AVG
2012-08-28 18:09 . 2012-08-28 18:09 -------- d-----w- c:\users\Iwan\AppData\Roaming\AVG2012
2012-08-28 18:09 . 2012-08-28 18:20 -------- d-----w- c:\programdata\AVG2012
2012-08-28 18:04 . 2012-08-28 18:05 -------- d-----w- c:\users\Iwan\AppData\Roaming\Ad-Aware Antivirus
2012-08-28 17:26 . 2012-08-28 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-28 15:52 . 2012-08-28 16:02 -------- d-----w- c:\users\Iwan\AppData\Roaming\AnySend
2012-08-28 15:52 . 2012-08-28 16:38 -------- d-----w- c:\programdata\AnySend
2012-08-28 14:51 . 2012-08-29 13:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-28 14:51 . 2012-08-28 14:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-28 14:45 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2ADC9D98-7C8B-441D-A30C-9F7112C8A156}\mpengine.dll
2012-08-28 14:24 . 2012-08-28 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Local\Yahoo!
2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Local\NanoService
2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\programdata\Yahoo!
2012-08-28 13:24 . 2012-08-28 13:35 -------- d-----w- c:\program files\Yahoo!
2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\programdata\Yahoo! Companion
2012-08-28 13:24 . 2012-08-28 13:24 -------- d-----w- c:\users\Iwan\AppData\Roaming\Yahoo!
2012-08-28 13:24 . 2012-08-28 13:25 -------- d--h--w- c:\windows\msdownld.tmp
2012-08-20 11:37 . 2012-08-28 14:40 -------- d-----w- c:\program files\Spawn
2012-08-20 11:36 . 2012-08-20 11:38 2829 ----a-w- c:\windows\DiabUnin.pif
2012-08-20 11:36 . 2012-08-20 11:38 118784 ----a-w- c:\windows\DiabUnin.exe
2012-08-20 11:36 . 2012-08-28 14:40 -------- d-----w- c:\program files\Diablo
2012-08-15 08:58 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 08:58 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 08:58 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 08:58 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 08:58 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 08:58 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 08:58 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
2012-08-08 12:07 . 2012-08-08 12:07 -------- d-----w- c:\program files\2K Games
2012-08-08 12:07 . 2012-08-08 12:07 -------- d-----w- c:\users\Iwan\AppData\Roaming\InstallShield
2012-08-08 11:21 . 2008-05-30 12:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2012-08-08 11:21 . 2008-05-30 12:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2012-08-08 11:21 . 2008-05-30 12:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2012-08-08 11:20 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2012-08-08 11:20 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2012-08-08 08:50 . 2012-08-08 08:50 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-08-08 08:50 . 2012-08-08 08:50 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-08-04 09:43 . 2012-08-04 09:43 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2012-08-04 09:43 . 2012-08-04 09:43 17212 ----a-w- c:\windows\system32\SIntf32.dll
2012-08-04 09:43 . 2012-08-04 09:43 12067 ----a-w- c:\windows\system32\SIntf16.dll
2012-08-04 09:31 . 2012-08-04 09:31 2829 ----a-w- c:\windows\DIIUnin.pif
2012-08-04 09:31 . 2012-08-04 09:31 94208 ----a-w- c:\windows\DIIUnin.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 12:21 . 2011-01-04 20:59 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-08-30 11:02 . 2012-05-08 10:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 11:02 . 2011-12-16 17:01 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-12-23 09:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 12:31 . 2011-12-21 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-07 12:31 . 2011-12-21 18:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-06 05:09 . 2012-07-11 09:43 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 09:42 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 09:42 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:42 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:42 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:42 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 09:42 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 09:42 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 09:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 09:41 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 09:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-11 09:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 09:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 09:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 09:43 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 09:43 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-07 296056]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management-service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 ftpsvc;Microsoft FTP-service;c:\windows\system32\svchost.exe [x]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 11:02]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 14:51]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 14:51]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7f,b1,5a,14,e2,b3,bc,42,67,fa,b9,d8,52,99,10,07,cd,05,fe,8a,4d,41,f8,
ab,36,ab,90,71,3d,3e,f7,45,f8,89,6d,9d,9d,f4,ff,c2,7d,d4,17,7a,c8,c8,d1,9a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-2741702186-1399866525-2818520901-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:68,27,fb,e6,82,81,29,bc,84,bf,d9,9e,c4,c9,db,74,69,65,de,bd,49,
80,8e,e7,02,39,83,70,14,53,df,9c,39,01,2d,4a,5f,9d,94,86,83,35,8a,4d,01,8d,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\mqsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-30 14:24:38 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-30 12:24
ComboFix2.txt 2012-08-28 15:46
ComboFix3.txt 2012-08-28 12:15
ComboFix4.txt 2012-05-30 13:20
.
Pre-Run: 57.473.355.776 bytes beschikbaar
Post-Run: 56.945.963.008 bytes beschikbaar
.
- - End Of File - - 8F79539D22E11977DF8BBC598B4E984C
-
alvast bedankt voor de snelle response.zover ben ik al
# AdwCleaner v1.801 - Logfile created 08/30/2012 at 14:06:36
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Iwan - IWAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Iwan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29XJ20A2\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\ProgramData\AVG Secure Search
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=5570d1450e5547d68168f1867654d3ed-a43e9aa1dd56f8388499278e4a783a82cf58a0e3〈=nl&ds=AVG&pr=pr&d=2012-08-28 20:11:24&v=12.2.0.5&sap=hp --> hxxp://www.google.com
-\\ Google Chrome v21.0.1180.83
File : C:\Users\Iwan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "icon_url": "hxxps://isearch.avg.com/favicon.ico",
Deleted : "keyword": "isearch.avg.com",
Deleted : "name": "AVG Secure Search",
Deleted : "search_url": "hxxps://isearch.avg.com/search?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=&[...]
Deleted : "description": "AVG Secure Search",
Deleted : "name": "AVG Secure Search",
*************************
AdwCleaner[s1].txt - [886 octets] - [30/08/2012 14:03:10]
AdwCleaner[s2].txt - [5674 octets] - [30/08/2012 14:06:36]
########## EOF - C:\AdwCleaner[s2].txt - [5802 octets] ##########
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:17, on 30/08/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={6F1BA678-0A2D-409A-B8F6-F3E0D62D605F}&mid=5570d1450e5547d68168f1867654d3ed-a43e9aa1dd56f8388499278e4a783a82cf58a0e3〈=nl&ds=AVG&pr=pr&d=2012-08-28 20:11:24&v=12.2.0.5&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: vToolbarUpdater12.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
--
End of file - 7320 bytes
-
De problemen zijn eigenlijk begonnen met het politievirus.
Dit hebben we kunnen oplossen maar achteraf was het niet meer mogelijk om iets op te zoeken via google.
Dit is ondertussen opgelost maar er blijven pop-ups verschijnen.
Al verschillende virusscanners geprobeerd en programma's om spyware te verwijderen maar niets helpt.
Ze hebben ons al de raad gegeven om de boel te formatteren en windows opnieuw te installeren maar moet het nu zo drastisch?
Alvast bedankt voor de hulp en tips.
virus met pop-ups
in Archief Bestrijding malware & virussen
Geplaatst:
ow,correctie,er zijn toch dezelfde pop ups :-/