
Internet Explorer 9



Operating system: Windows 7 64-bit

When I open Internet Explorer 9, I always get an extra tab with Internet Explorer 9.

Under Home page there is only one page; under Tools, Internet Options there is only one home page. Where can I remove this extra tab permanently? Also, when opening a link from another program (e.g. a shortcut in Outlook), I always get two tabs open, one of them an Internet Explorer 9 tab.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:16:43, on 11/05/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\NewSoft\Presto! PageManager 9.01\PMSpeed.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Vierde rit Giro: hulde van begin tot eind aan Wouter Weylandt - Gva.be

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

F2 - REG:system.ini: Shell=

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Prelaunch OmniPage] "C:\Program Files (x86)\Nuance\OmniPage17\OmniPage17.exe" /preload

O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.01\PMSpeed.EXE

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7154 bytes

hijackthis.log



Start HijackThis. Select “Scan”. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: Shell=

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After removal, a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask you to restart. Do so.

After the restart, MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer, so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.


Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 6554

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

11/05/2011 11:36:14

mbam-log-2011-05-11 (11-36-14).txt

Scantype: Snelle scan

Objecten gescand: 193048

Verstreken tijd: 2 minuut/minuten, 46 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:43:04, on 11/05/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\NewSoft\Presto! PageManager 9.01\PMSpeed.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Parket heropent onderzoek naar misbruik door Antwerpse pater - Gva.be

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

F2 - REG:system.ini: Shell=

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Prelaunch OmniPage] "C:\Program Files (x86)\Nuance\OmniPage17\OmniPage17.exe" /preload

O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.01\PMSpeed.EXE

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7178 bytes



Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


I first had to remove AVG completely before ComboFix would start.

ComboFix 11-05-11.01 - Jan 11/05/2011 23:35:58.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.5111.3820 [GMT 2:00]

Gestart vanuit: c:\users\Jan\Documents\Programma\combo fix\ComboFix.exe

AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

G:\Autorun.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-11 to 2011-05-11 ))))))))))))))))))))))))))))))

.

.

2011-12-04 11:28 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-12-04 11:28 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-12-04 11:28 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-12-04 11:28 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-12-04 11:28 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-12-04 11:25 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll

2011-12-04 11:18 . 2011-12-04 11:18 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2011-12-04 11:18 . 2011-12-04 11:18 -------- d-----w- c:\windows\system32\wbem\en-US

2011-12-04 10:40 . 2011-03-23 09:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77B3B94F-0019-4168-9C0E-D737FD2214A2}\mpengine.dll

2011-12-04 10:37 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2011-12-04 10:33 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll

2011-12-04 10:33 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-12-04 10:33 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-12-04 10:33 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-12-04 10:33 . 2010-12-23 10:42 723968 ----a-w- c:\windows\system32\EncDec.dll

2011-12-04 10:33 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2011-12-04 10:33 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll

2011-12-04 10:33 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-12-04 10:33 . 2010-12-23 05:54 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-04 10:33 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2011-12-04 10:32 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2011-12-04 10:32 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2011-12-04 10:28 . 2011-12-04 10:28 -------- d-----w- c:\windows\SysWow64\Wat

2011-12-04 10:28 . 2011-12-04 10:28 -------- d-----w- c:\windows\system32\Wat

2011-05-11 21:40 . 2011-05-11 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-11 21:24 . 2011-05-11 21:25 -------- d-----w- c:\program files\CCleaner

2011-05-11 09:32 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 09:32 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 09:32 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 09:32 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 09:32 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 09:32 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 09:32 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 09:32 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 09:32 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-08 22:30 . 2011-05-08 22:30 -------- d-----w- c:\users\Jan\AppData\Local\Diagnostics

2011-05-08 21:52 . 2011-05-08 21:52 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes

2011-05-08 21:52 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-08 21:52 . 2011-05-08 21:52 -------- d-----w- c:\programdata\Malwarebytes

2011-05-08 21:52 . 2011-05-08 21:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-08 21:52 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-08 21:22 . 2011-05-08 21:22 -------- d-----w- c:\users\Jan\AppData\Local\FixItCenter

2011-05-08 21:20 . 2011-05-08 21:20 -------- d-----w- c:\windows\MATS

2011-05-08 21:20 . 2011-05-08 21:20 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-05-08 17:03 . 2011-05-08 17:03 -------- d-----w- c:\users\Jan\AppData\Roaming\aignes

2011-05-08 16:51 . 2011-05-08 16:51 -------- d-----w- c:\program files (x86)\AM-DeadLink

2011-05-07 10:30 . 2011-05-07 10:30 388096 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-07 10:30 . 2011-05-07 10:30 -------- d-----w- c:\program files (x86)\Trend Micro

2011-05-04 10:21 . 2011-05-04 10:21 -------- d-----w- c:\program files (x86)\YouTube Downloader

2011-05-03 15:05 . 2011-05-03 15:06 -------- d-----w- c:\users\Jan\AppData\Local\Nokia

2011-05-03 15:05 . 2011-05-03 15:05 -------- d-----w- c:\programdata\PC Suite

2011-05-03 15:05 . 2011-05-03 15:05 -------- d-----w- c:\users\Jan\AppData\Roaming\PC Suite

2011-05-03 15:04 . 2011-05-03 15:04 -------- d-----w- c:\program files (x86)\Common Files\Nokia

2011-05-03 15:04 . 2011-05-03 15:04 -------- d-----w- c:\program files\DIFX

2011-05-03 15:04 . 2008-08-28 09:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

2011-05-03 15:04 . 2011-05-03 15:04 -------- dc----w- c:\windows\system32\DRVSTORE

2011-05-03 15:04 . 2011-05-03 15:04 -------- d-----w- c:\program files (x86)\PC Connectivity Solution

2011-05-03 14:59 . 2010-07-30 12:18 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll

2011-05-03 14:58 . 2011-05-03 15:04 -------- d-----w- c:\program files (x86)\Nokia

2011-05-03 14:58 . 2011-05-03 14:58 -------- d-----w- c:\programdata\NokiaInstallerCache

2011-05-01 09:39 . 2010-11-29 14:21 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll

2011-05-01 09:39 . 2010-11-29 14:21 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll

2011-05-01 09:29 . 2011-05-01 09:29 -------- d-----w- c:\programdata\AVS4YOU

2011-05-01 09:29 . 2011-05-01 09:43 -------- d-----w- c:\users\Jan\AppData\Roaming\AVS4YOU

2011-05-01 09:29 . 2011-05-01 09:38 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2011-05-01 09:29 . 2008-07-03 12:27 974848 ----a-w- c:\windows\SysWow64\mfc70.dll

2011-05-01 09:29 . 2008-07-03 12:27 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll

2011-05-01 09:29 . 2008-07-03 12:27 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll

2011-05-01 09:29 . 2008-07-11 10:25 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll

2011-05-01 09:29 . 2003-05-21 11:50 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2011-05-01 09:29 . 2011-05-01 09:43 -------- d-----w- c:\program files (x86)\AVS4YOU

2011-05-01 08:56 . 2011-05-01 08:56 -------- d-----w- c:\users\Jan\AppData\Roaming\UDC Profiles

2011-05-01 08:56 . 2010-03-18 20:28 30584 ----a-w- c:\windows\system32\udcpm.dll

2011-05-01 08:55 . 2011-05-01 08:56 -------- d-----w- c:\program files (x86)\Universal Document Converter

2011-04-23 15:48 . 2011-04-23 15:48 -------- d-----w- c:\users\Jan\AppData\Roaming\gtk-2.0

2011-04-23 15:45 . 2011-04-23 15:52 -------- d-----w- c:\program files (x86)\Gnumeric

2011-04-23 15:23 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

2011-04-23 15:23 . 2009-09-04 15:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-04-23 15:23 . 2009-09-04 15:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll

2011-04-23 15:23 . 2009-09-04 15:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll

2011-04-23 15:23 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-04-23 15:23 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2011-04-23 15:23 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-04-23 15:23 . 2009-09-04 15:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-04-23 15:22 . 2011-04-23 15:28 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared

2011-04-23 15:22 . 2011-04-23 15:22 -------- d-----w- c:\program files (x86)\Autodesk

2011-04-23 15:13 . 2011-05-11 21:33 -------- d-----w- c:\program files (x86)\Common Files\Akamai

2011-04-23 15:06 . 2011-04-23 15:06 -------- d-----w- c:\users\Jan\AppData\Roaming\ScanSoft

2011-04-23 13:57 . 2011-04-23 13:57 -------- d-----w- c:\users\Jan\AppData\Roaming\Microsoft Web Folders

2011-04-23 13:57 . 2011-04-23 13:57 -------- d-----w- c:\windows\Twain32

2011-04-23 10:46 . 2011-04-23 10:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-04-23 10:46 . 2011-04-23 10:46 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-04-22 23:24 . 2011-04-22 23:26 -------- d-----w- c:\program files\Recuva

2011-04-22 11:15 . 2011-04-22 11:15 -------- d-----w- c:\programdata\FileCure

2011-04-20 19:42 . 2011-04-20 19:42 -------- d-----w- c:\users\Jan\AppData\Roaming\Canon

2011-04-20 18:12 . 2011-04-22 12:36 -------- d-----w- c:\program files (x86)\PowerDataRecovery

2011-04-20 17:25 . 2011-04-20 17:25 -------- d-----w- c:\users\Classic .NET AppPool

2011-04-20 17:22 . 2011-04-20 17:22 -------- d-----w- c:\windows\SysWow64\BestPractices

2011-04-20 17:22 . 2011-04-20 17:22 -------- d-----w- c:\windows\system32\BestPractices

2011-04-20 17:22 . 2011-04-20 17:22 -------- d-----w- C:\inetpub

2011-04-20 17:12 . 2011-04-20 17:12 -------- d-----w- c:\users\Jan\AppData\Local\Apps

2011-04-14 21:02 . 2011-04-14 21:02 -------- d-----w- c:\windows\system32\Macromed

2011-04-14 19:57 . 2011-05-11 21:33 -------- d-----w- c:\users\Jan\AppData\Roaming\.oit

2011-04-14 19:57 . 2011-04-14 19:57 -------- d-----w- c:\users\Jan\AppData\Local\NewSoft

2011-04-14 19:55 . 2009-11-05 08:13 139800 ----a-w- c:\windows\SysWow64\TWAINDSM.dll

2011-04-14 19:55 . 2011-04-14 19:55 -------- d-----w- c:\windows\SysWow64\color

2011-04-14 19:53 . 2011-04-14 19:53 34104 ----a-w- c:\windows\system32\drivers\Achernar.sys

2011-04-14 19:51 . 2011-04-14 19:51 -------- d-----w- c:\users\Jan\AppData\Roaming\InstallShield

2011-04-14 19:48 . 2011-04-14 19:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-04-14 19:45 . 2011-04-14 19:48 -------- d-----w- c:\users\Jan\AppData\Local\Adobe

2011-04-14 19:33 . 2011-04-14 19:33 -------- d-----w- c:\users\Jan\AppData\Roaming\FLEXnet

2011-04-14 19:24 . 2011-04-14 19:24 -------- d-----w- c:\users\Jan\AppData\Roaming\Zeon

2011-04-14 19:24 . 2011-04-14 19:24 -------- d-----w- c:\users\Jan\AppData\Local\ScanSoft

2011-04-14 19:24 . 2011-04-14 19:24 -------- d-----w- c:\users\Jan\AppData\Roaming\Nuance

2011-04-14 19:23 . 2011-04-14 19:24 -------- d-----w- c:\programdata\ScanSoft

2011-04-14 19:23 . 2011-04-14 19:23 -------- d-----w- c:\programdata\FLEXnet

2011-04-14 19:23 . 2011-04-14 19:23 -------- d-----w- c:\program files (x86)\Nuance

2011-04-14 19:17 . 2011-04-14 19:17 -------- d-----w- C:\OmniPage17

2011-04-14 19:16 . 1999-05-06 12:22 27632 ----a-w- c:\windows\SysWow64\CTL3DV2.DLL

2011-04-14 19:16 . 1997-10-14 03:19 11776 ----a-w- c:\windows\SysWow64\pmsbfn32.dll

2011-04-14 19:16 . 2011-04-14 19:55 -------- d-----w- c:\program files (x86)\Common Files\NewSoft

2011-04-14 19:16 . 2011-04-14 19:54 -------- d-----w- c:\program files (x86)\NewSoft

2011-04-14 19:16 . 2011-04-20 19:06 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2011-04-14 19:14 . 2011-04-14 19:14 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2011-04-14 19:12 . 2011-04-14 19:14 -------- d-----w- c:\program files (x86)\Canon

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 09:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-04-14 09:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-03-04 06:19 . 2011-04-28 06:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19 . 2011-04-28 06:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Prelaunch OmniPage"="c:\program files (x86)\Nuance\OmniPage17\OmniPage17.exe" [2009-10-19 5592352]

"Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9.01\PMSpeed.EXE" [2010-07-29 116632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-15 343856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\Drivers\Achernar.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ftpsvc;Microsoft FTP-service;c:\windows\system32\svchost.exe [2009-07-14 27136]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

Akamai REG_MULTI_SZ Akamai

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]

"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.gva.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components]

@Denied: (Full) (Everyone)

@Denied: (Full) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

@="Microsoft Windows Media Player"

"Version"="12,0,7601,17514"

"IsInstalled"=dword:00000000

"ComponentID"="WMPACCESS"

"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"

"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"

"DontAsk"=dword:00000002

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

@="Internet Explorer"

"Version"="9,0,8112,16421"

"IsInstalled"=dword:00000000

"ComponentID"="IEACCESS"

"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-21"

"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig"

"Dontask"=dword:00000002

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

@="Browser Customizations"

"IsInstalled"=dword:00000001

"Version"="9,0,8112,16421"

"ComponentiD"="BRANDING.CAB"

"LocalizedName"="@c:\\Windows\\SysWOW64\\iedkcs32.dll,-3052"

"StubPath"="\"c:\\Windows\\SysWOW64\\rundll32.exe\" \"c:\\Windows\\SysWOW64\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]

@="Java (Sun)"

"ComponentID"="JAVAVM"

"IsInstalled"=dword:00000001

"KeyFileName"="c:\\Program Files (x86)\\Java\\jre6\\bin\\regutils.dll"

"Version"="5,0,5000,0"

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

@="Microsoft Windows Media Player 12.0"

"IsInstalled"=dword:00000001

"Version"="12,0,7601,17514"

"DontAsk"=dword:00000002

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

@="Themes Setup"

"LocalizedName"=expand:"@%SystemRoot%\\system32\\themeui.dll,-2682"

"ComponentID"="Theme Component"

"IsInstalled"=dword:00000001

"Locale"="EN"

"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"

"Version"="1,1,1,9"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]

@="Offline Browsing Pack"

"IsInstalled"=dword:00000001

"Version"="9,0,8112,16421"

"ComponentID"="MobilePk"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"IsInstalled"=dword:00000001

"Dontask"=dword:00000002

"Locale"="*"

"ComponentID"="MailNews"

"CloneUser"=dword:00000001

"StubPath"=expand:"\"%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe\" OCInstallUserConfigOE"

"Version"="6,1,7601,17514"

@="Microsoft Windows"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]

@="DirectDrawEx"

"ComponentID"="DirectDrawEx"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="4,71,1113,0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]

@="Internet Explorer Help"

"IsInstalled"=dword:00000001

"Version"="9,0,8112,16421"

"ComponentID"="HelpCont"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]

@="Microsoft Windows Script 5.6"

"ComponentID"="MSVBScript"

"IsInstalled"=dword:00000001

"Locale"="EN"

"Version"="5,6,0,8833"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]

@="Internet Explorer Setup Tools"

"IsInstalled"=dword:00000001

"Version"="9,0,8112,16421"

"ComponentID"="GenSetup"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]

"KeyFileName"=expand:"%SystemRoot%\\system32\\msieftp.dll"

@="Browsing Enhancements"

"IsInstalled"=dword:00000001

"Version"="9,0,8112,16421"

"ComponentID"="ExtraPack"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

@="Microsoft Windows Media Player"

"IsInstalled"=dword:00000001

"Version"="12,0,7601,17514"

"ComponentID"="Microsoft Windows Media Player"

"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"

"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"

"DontAsk"=dword:00000002

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]

@="MSN Site Access"

"IsInstalled"=dword:00000001

"Version"="4,9,9,2"

"ComponentID"="MSN_Auth"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]

@="Webmappen"

"Locale"="*"

"IsInstalled"=dword:00000001

"Version"="1,0,1,6"

"ComponentID"="WebFolders"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

@="Address Book 7"

"Version"="6,1,7601,17514"

"IsInstalled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]

@=".NET Framework"

"Locale"=""

"ComponentID"=".NETFramework"

"Version"="2,0,50727,0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

@="Windows Desktop Update"

"LocalizedName"=expand:"@%SystemRoot%\\system32\\shell32.dll,-32969"

"ComponentID"="IE4_SHELLID"

"IsInstalled"=dword:00000001

"Locale"="en"

"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

"Version"="6,1,7601,17514"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

@="Web Platform Customizations"

"IsInstalled"=dword:00000001

"Version"="9,0,8112,16421"

"ComponentID"="BASEIE40_W2K"

"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-2000"

"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings"

"Locale"="en"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

"IsInstalled"=dword:00000001

"ComponentID"="DOTNETFRAMEWORKS"

"StubPath"="c:\\Windows\\SysWOW64\\Rundll32.exe c:\\Windows\\SysWOW64\\mscories.dll,Install"

"DontAsk"=dword:00000002

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]

@="Dynamic HTML Data Binding"

"IsInstalled"=dword:00000001

"Version"="9,0,8112,16421"

"ComponentID"="Tridata"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]

@="Internet Explorer Core Fonts"

"IsInstalled"=dword:00000001

"Version"="9,0,8112,16421"

"ComponentID"="Fontcore"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]

@="HTML Help"

"IsInstalled"=dword:00000001

"Version"="6,1,7601,16978"

"ComponentID"="HTMLHelp"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

@="Active Directory Service Interface"

"ComponentID"="ADSI"

"IsInstalled"=dword:00000001

"Locale"="EN"

"Version"="5,0,00,0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]

"Locale"=""

"Version"="4,0,30319,0"

"ComponentID"=".NETFramework"

@=".NET Framework"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-05-11 23:41:33

ComboFix-quarantined-files.txt 2011-05-11 21:41

.

Pre-Run: 174.848.995.328 bytes beschikbaar

Post-Run: 174.705.385.472 bytes beschikbaar

.

- - End Of File - - 2A96DDC08AD863DB64CF197B3CB79F94


This all looks clean. None of the logs points to (serious) malware.

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix and its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Then uninstall Internet Explorer 9, clean the PC with CCleaner and download a fresh copy of IE 9. Then check whether the extra page still appears after this new installation.
