Mystart incredibar

[boekenwurmpje]

Ik heb ook mystart incredibar op mijn laptop. Heel vervelend en heb al malwarbytes-antimalware, SSD, CCleaner gedraaid. Niets helpt. Kunnen jullie mij helpen? Ik stuur de log van HijachThis mee. Alvast bedankt.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:16:32, on 22/06/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\PLFSetI.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\THEINC~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%20http//google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Fun Desktop Wallpaper Changer] C:\Program Files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - Startup: Dropbox.lnk = C:\Users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)

O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} - http://foto.hema.be/ips-opdata/layout/hema/objects/canvasx.cab

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--

End of file - 15290 bytes

[kape]

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Web Assistant Updater"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete"Web Assistant Updater"

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%20http//google.be/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4 }

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - (no file)

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht, samen met een nieuw log van HijackThis.

23 juni 2012 aangepast door kape

[boekenwurmpje]

Ik heb gedaan wat je voorstelt. Hier zijn mijn nieuwe logs.

Combofix

ComboFix 12-06-23.05 - the incredibles 23/06/2012 16:05:51.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1930 [GMT 2:00]

Gestart vanuit: c:\users\the incredibles\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Voorgaande Run -------

.

c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

c:\program files\Web Assistant\ExTEnsion32.dll

c:\programdata\Roaming

c:\users\the incredibles\AppData\Local\assembly\tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))

.

.

2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\the incredibles\AppData\Local\temp

2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\Saar\AppData\Local\temp

2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\Het bibliofieltje\AppData\Local\temp

2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-22 15:46 . 2012-06-22 15:46 388096 ----a-r- c:\users\the incredibles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-22 15:46 . 2012-06-22 15:46 -------- d-----w- c:\program files\Trend Micro

2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files\Perion

2012-06-21 17:51 . 2012-06-21 17:51 455 ----a-w- C:\user.js

2012-06-21 17:51 . 2012-06-23 08:46 -------- d-----w- c:\program files\Web Assistant

2012-06-21 08:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 08:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 08:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 08:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 08:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 08:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 08:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 08:20 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 08:20 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 18:33 . 2012-06-20 18:33 -------- d-----w- c:\users\the incredibles\AppData\Local\7D542E3C-0060-428B-A68A-FE80FDFA24DA.aplzod

2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\users\the incredibles\.config

2012-06-16 08:20 . 2012-06-16 08:20 -------- d-----w- c:\program files\iPod

2012-06-16 08:20 . 2012-06-16 08:21 -------- d-----w- c:\program files\iTunes

2012-06-13 12:36 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 12:36 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 12:36 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 12:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 12:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 08:59 . 2012-06-09 08:59 -------- d-----w- c:\users\Saar\AppData\Local\AVG Secure Search

2012-06-08 17:24 . 2012-06-08 17:24 -------- d-----w- c:\program files\Dropbox

2012-06-08 13:02 . 2012-06-08 13:02 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-08 13:02 . 2012-06-01 15:37 157600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-08 13:02 . 2012-06-01 15:37 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-06-08 13:02 . 2012-06-01 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-08 13:02 . 2012-06-01 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\users\the incredibles\AppData\Local\AVG Secure Search

2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\program files\AVG Secure Search

2012-06-03 09:00 . 2012-06-03 09:00 -------- d-----w- c:\programdata\Downloaded Installations

2012-06-03 08:50 . 2012-06-03 08:50 -------- d-----w- c:\users\the incredibles\AppData\Local\Microsoft_Corporation

2012-06-03 08:48 . 2012-06-23 08:46 -------- d-----w- c:\users\the incredibles\AppData\Local\assembly

2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\users\the incredibles\AppData\Roaming\SingularLabs

2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\programdata\SingularLabs

2012-05-31 15:23 . 2012-06-22 15:32 -------- d-----w- c:\program files\System Ninja

2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\programdata\NCH Software

2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\program files\NCH Software

2012-05-28 17:07 . 2012-05-28 17:09 -------- d-----w- c:\users\the incredibles\AppData\Roaming\NCH Software

2012-05-25 15:37 . 2012-05-25 15:37 -------- d-----w- c:\users\the incredibles\AppData\Roaming\U3

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 13:55 . 2012-04-07 17:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 13:55 . 2011-05-17 15:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 05:43 . 2012-04-19 05:43 658512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-04 13:56 . 2011-02-16 14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16 . 2012-05-11 05:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-11 05:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-11 05:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2008-07-03 10:45 . 2012-02-29 14:38 826451 ----a-w- c:\program files\Rainbow Folders.exe

2003-03-21 12:45 . 2012-03-07 19:54 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx

2012-06-01 15:38 . 2012-03-26 17:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-07 15:53 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Fun Desktop Wallpaper Changer"="c:\program files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe" [2005-12-22 57344]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-04 39408]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-12 30192]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-07 1104440]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-20 296056]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

.

c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2011-02-12 15:26 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Users^the incredibles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

path=c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk

backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

2008-04-06 21:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]

2008-03-07 02:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

2008-03-04 22:38 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

2008-04-23 14:58 397312 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]

2010-07-12 23:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]

2011-02-12 15:26 3607040 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe

.

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-06-04 35712]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:55]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4}

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.4 195.130.130.132

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - c:\users\the incredibles\AppData\Roaming\Mozilla\Firefox\Profiles\w5uk47l5.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6R8wH1Dlw7&i=26

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B67cd24f5-7e37-4971-8fdf-350d1be35b9b%7D&mid=9e17da8a68da47d6bb09d16acdd3b184-3942aef76122b7e3ddf78a20352126407d07e2d5&ds=AVG&v=11.1.0.7〈=nl&pr=fr&d=2012-06-07%2017%3A53%3A08&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extentions.y2layers.installId - e0989316-236f-4c0a-8010-7f289bf577a1

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8wH1Dlw7&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - d402dff900000000000000238b375877

FF - user.js: extensions.incredibar_i.instlDay - 15512

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:51

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8wH1Dlw7

FF - user.js: extensions.incredibar_i.upn2n - 92824574815834771

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did -

FF - user.js: extensions.incredibar_i.ppd - %ppdToReport%

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-ISPMonitor - c:\program files\ISP Monitor\isp.exe

AddRemove-{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe

AddRemove-{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-23 16:14

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(1016)

c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

Voltooingstijd: 2012-06-23 16:17:33

ComboFix-quarantined-files.txt 2012-06-23 14:17

.

Pre-Run: 140.241.915.904 bytes beschikbaar

Post-Run: 140.158.328.832 bytes beschikbaar

.

- - End Of File - - BC512511CE9D31AED4DFCE42B6834959

Log van HijackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:28:35, on 23/06/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Windows\PLFSetI.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\THEINC~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Fun Desktop Wallpaper Changer] C:\Program Files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - Startup: Dropbox.lnk = C:\Users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)

O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} - http://foto.hema.be/ips-opdata/layout/hema/objects/canvasx.cab

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--

End of file - 14322 bytes

Alvast bedankt

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\user.js

Folder::

c:\program files\Web Assistant

Firefox::

FF - ProfilePath - c:\users\the incredibles\AppData\Roaming\Mozilla\Firefox\Profiles\w5uk47l5.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6R8wH1Dlw7&i=26

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8wH1Dlw7&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - d402dff900000000000000238b375877

FF - user.js: extensions.incredibar_i.instlDay - 15512

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:51

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8wH1Dlw7

FF - user.js: extensions.incredibar_i.upn2n - 92824574815834771

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did -

FF - user.js: extensions.incredibar_i.ppd - %ppdToReport%

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

[boekenwurmpje]

Oké ik heb dat gedaan. Alweer bedankt voor de snelle reactie.

ComboFix 12-06-23.05 - the incredibles 23/06/2012 18:06:51.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1655 [GMT 2:00]

Gestart vanuit: c:\users\the incredibles\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\the incredibles\Desktop\CFScript - Snelkoppeling.lnk

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\the incredibles\AppData\Local\assembly\tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))

.

.

2012-06-23 16:15 . 2012-06-23 16:15 -------- d-----w- c:\users\Saar\AppData\Local\temp

2012-06-23 16:15 . 2012-06-23 16:15 -------- d-----w- c:\users\Het bibliofieltje\AppData\Local\temp

2012-06-23 16:15 . 2012-06-23 16:15 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-06-23 16:15 . 2012-06-23 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-23 14:17 . 2012-06-23 16:15 -------- d-----w- c:\users\the incredibles\AppData\Local\temp

2012-06-22 15:46 . 2012-06-22 15:46 388096 ----a-r- c:\users\the incredibles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-22 15:46 . 2012-06-22 15:46 -------- d-----w- c:\program files\Trend Micro

2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files\Perion

2012-06-21 17:51 . 2012-06-21 17:51 455 ----a-w- C:\user.js

2012-06-21 17:51 . 2012-06-23 08:46 -------- d-----w- c:\program files\Web Assistant

2012-06-21 08:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 08:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 08:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 08:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 08:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 08:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 08:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 08:20 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 08:20 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 18:33 . 2012-06-20 18:33 -------- d-----w- c:\users\the incredibles\AppData\Local\7D542E3C-0060-428B-A68A-FE80FDFA24DA.aplzod

2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\users\the incredibles\.config

2012-06-16 08:20 . 2012-06-16 08:20 -------- d-----w- c:\program files\iPod

2012-06-16 08:20 . 2012-06-16 08:21 -------- d-----w- c:\program files\iTunes

2012-06-13 12:36 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 12:36 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 12:36 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 12:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 12:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 08:59 . 2012-06-09 08:59 -------- d-----w- c:\users\Saar\AppData\Local\AVG Secure Search

2012-06-08 17:24 . 2012-06-08 17:24 -------- d-----w- c:\program files\Dropbox

2012-06-08 13:02 . 2012-06-08 13:02 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-08 13:02 . 2012-06-01 15:37 157600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-08 13:02 . 2012-06-01 15:37 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-06-08 13:02 . 2012-06-01 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-08 13:02 . 2012-06-01 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\users\the incredibles\AppData\Local\AVG Secure Search

2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\program files\AVG Secure Search

2012-06-03 09:00 . 2012-06-03 09:00 -------- d-----w- c:\programdata\Downloaded Installations

2012-06-03 08:50 . 2012-06-03 08:50 -------- d-----w- c:\users\the incredibles\AppData\Local\Microsoft_Corporation

2012-06-03 08:48 . 2012-06-23 16:15 -------- d-----w- c:\users\the incredibles\AppData\Local\assembly

2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\users\the incredibles\AppData\Roaming\SingularLabs

2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\programdata\SingularLabs

2012-05-31 15:23 . 2012-06-22 15:32 -------- d-----w- c:\program files\System Ninja

2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\programdata\NCH Software

2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\program files\NCH Software

2012-05-28 17:07 . 2012-05-28 17:09 -------- d-----w- c:\users\the incredibles\AppData\Roaming\NCH Software

2012-05-25 15:37 . 2012-05-25 15:37 -------- d-----w- c:\users\the incredibles\AppData\Roaming\U3

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 13:55 . 2012-04-07 17:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 13:55 . 2011-05-17 15:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 05:43 . 2012-04-19 05:43 658512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-04 13:56 . 2011-02-16 14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16 . 2012-05-11 05:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-11 05:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-11 05:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2008-07-03 10:45 . 2012-02-29 14:38 826451 ----a-w- c:\program files\Rainbow Folders.exe

2003-03-21 12:45 . 2012-03-07 19:54 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx

2012-06-01 15:38 . 2012-03-26 17:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-07 15:53 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Fun Desktop Wallpaper Changer"="c:\program files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe" [2005-12-22 57344]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-04 39408]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-12 30192]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-07 1104440]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-20 296056]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

.

c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2011-02-12 15:26 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Users^the incredibles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

path=c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk

backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

2008-04-06 21:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]

2008-03-07 02:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

2008-03-04 22:38 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

2008-04-23 14:58 397312 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]

2010-07-12 23:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]

2011-02-12 15:26 3607040 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe

.

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-06-04 35712]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:55]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4}

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.4 195.130.130.132

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - c:\users\the incredibles\AppData\Roaming\Mozilla\Firefox\Profiles\w5uk47l5.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6R8wH1Dlw7&i=26

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B67cd24f5-7e37-4971-8fdf-350d1be35b9b%7D&mid=9e17da8a68da47d6bb09d16acdd3b184-3942aef76122b7e3ddf78a20352126407d07e2d5&ds=AVG&v=11.1.0.7〈=nl&pr=fr&d=2012-06-07%2017%3A53%3A08&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extentions.y2layers.installId - e0989316-236f-4c0a-8010-7f289bf577a1

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8wH1Dlw7&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - d402dff900000000000000238b375877

FF - user.js: extensions.incredibar_i.instlDay - 15512

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:51

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8wH1Dlw7

FF - user.js: extensions.incredibar_i.upn2n - 92824574815834771

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did -

FF - user.js: extensions.incredibar_i.ppd - %ppdToReport%

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-23 18:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5536)

c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

Voltooingstijd: 2012-06-23 18:18:17

ComboFix-quarantined-files.txt 2012-06-23 16:18

ComboFix2.txt 2012-06-23 14:17

.

Pre-Run: 140.099.145.728 bytes beschikbaar

Post-Run: 140.064.829.440 bytes beschikbaar

.

- - End Of File - - 57DC50056ECFD83335EA3B38A60CB18F

[kape]

Dit is niet correct verlopen. Het bestandje dat je in kladblok moest aanmaken, moet wel degelijk de naam CFScript.txt hebben, om het daarna correct te kunnen gebruiken. In jouw geval heb je er een snelkoppeling van gemaakt CFScript - Snelkoppeling.lnk ... waardoor de behandeling dus niet gelukt is.

Wil je de opdracht van bericht 4 nog eens herhalen op de aangegeven manier en daarna weer een logje van Combofix plaatsen ter controle.

[boekenwurmpje]

Ik hoop dat het deze keer juist is. Bedankt voor je geduld.

ComboFix 12-06-23.05 - the incredibles 23/06/2012 19:56:49.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1993 [GMT 2:00]

Gestart vanuit: c:\users\the incredibles\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\the incredibles\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\user.js"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Voorgaande Run -------

.

c:\program files\Web Assistant

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Web Assistant\Firefox\chrome.manifest

c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js

c:\program files\Web Assistant\Firefox\chrome\content\main.js

c:\program files\Web Assistant\Firefox\chrome\content\main.xul

c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js

c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd

c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css

c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js

c:\program files\Web Assistant\Firefox\install.rdf

c:\program files\Web Assistant\InstallerHelper.dll

c:\program files\Web Assistant\libraries\DataExchangeScript.js

c:\program files\Web Assistant\resources\localscript.js

c:\program files\Web Assistant\source.crx

c:\program files\Web Assistant\unins000.dat

c:\program files\Web Assistant\unins000.exe

c:\users\the incredibles\AppData\Local\assembly\tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Web Assistant Updater

-------\Service_Web Assistant Updater

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))

.

.

2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\the incredibles\AppData\Local\temp

2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\Saar\AppData\Local\temp

2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\Het bibliofieltje\AppData\Local\temp

2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-22 15:46 . 2012-06-22 15:46 388096 ----a-r- c:\users\the incredibles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-22 15:46 . 2012-06-22 15:46 -------- d-----w- c:\program files\Trend Micro

2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files\Perion

2012-06-21 17:51 . 2012-06-21 17:51 455 ----a-w- C:\user.js

2012-06-21 08:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 08:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 08:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 08:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 08:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 08:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 08:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 08:20 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 08:20 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 18:33 . 2012-06-20 18:33 -------- d-----w- c:\users\the incredibles\AppData\Local\7D542E3C-0060-428B-A68A-FE80FDFA24DA.aplzod

2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\users\the incredibles\.config

2012-06-16 08:20 . 2012-06-16 08:20 -------- d-----w- c:\program files\iPod

2012-06-16 08:20 . 2012-06-16 08:21 -------- d-----w- c:\program files\iTunes

2012-06-13 12:36 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 12:36 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 12:36 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 12:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 12:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 08:59 . 2012-06-09 08:59 -------- d-----w- c:\users\Saar\AppData\Local\AVG Secure Search

2012-06-08 17:24 . 2012-06-08 17:24 -------- d-----w- c:\program files\Dropbox

2012-06-08 13:02 . 2012-06-08 13:02 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-08 13:02 . 2012-06-01 15:37 157600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-08 13:02 . 2012-06-01 15:37 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-06-08 13:02 . 2012-06-01 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-08 13:02 . 2012-06-01 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\users\the incredibles\AppData\Local\AVG Secure Search

2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\program files\AVG Secure Search

2012-06-03 09:00 . 2012-06-03 09:00 -------- d-----w- c:\programdata\Downloaded Installations

2012-06-03 08:50 . 2012-06-03 08:50 -------- d-----w- c:\users\the incredibles\AppData\Local\Microsoft_Corporation

2012-06-03 08:48 . 2012-06-23 17:05 -------- d-----w- c:\users\the incredibles\AppData\Local\assembly

2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\users\the incredibles\AppData\Roaming\SingularLabs

2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\programdata\SingularLabs

2012-05-31 15:23 . 2012-06-22 15:32 -------- d-----w- c:\program files\System Ninja

2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\programdata\NCH Software

2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\program files\NCH Software

2012-05-28 17:07 . 2012-05-28 17:09 -------- d-----w- c:\users\the incredibles\AppData\Roaming\NCH Software

2012-05-25 15:37 . 2012-05-25 15:37 -------- d-----w- c:\users\the incredibles\AppData\Roaming\U3

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 13:55 . 2012-04-07 17:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 13:55 . 2011-05-17 15:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 05:43 . 2012-04-19 05:43 658512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-04 13:56 . 2011-02-16 14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16 . 2012-05-11 05:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-11 05:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-11 05:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2008-07-03 10:45 . 2012-02-29 14:38 826451 ----a-w- c:\program files\Rainbow Folders.exe

2003-03-21 12:45 . 2012-03-07 19:54 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx

2012-06-01 15:38 . 2012-03-26 17:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-07 15:53 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Fun Desktop Wallpaper Changer"="c:\program files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe" [2005-12-22 57344]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-04 39408]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-12 30192]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-07 1104440]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-20 296056]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

.

c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2011-02-12 15:26 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Users^the incredibles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

path=c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk

backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

2008-04-06 21:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]

2008-03-07 02:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

2008-03-04 22:38 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

2008-04-23 14:58 397312 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]

2010-07-12 23:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]

2011-02-12 15:26 3607040 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe

.

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-06-04 35712]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:55]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4}

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.4 195.130.130.132

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - c:\users\the incredibles\AppData\Roaming\Mozilla\Firefox\Profiles\w5uk47l5.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B67cd24f5-7e37-4971-8fdf-350d1be35b9b%7D&mid=9e17da8a68da47d6bb09d16acdd3b184-3942aef76122b7e3ddf78a20352126407d07e2d5&ds=AVG&v=11.1.0.7〈=nl&pr=fr&d=2012-06-07%2017%3A53%3A08&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extentions.y2layers.installId - e0989316-236f-4c0a-8010-7f289bf577a1

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-23 20:05

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3160)

c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

Voltooingstijd: 2012-06-23 20:07:21

ComboFix-quarantined-files.txt 2012-06-23 18:07

ComboFix2.txt 2012-06-23 16:18

ComboFix3.txt 2012-06-23 14:17

.

Pre-Run: 140.042.600.448 bytes beschikbaar

Post-Run: 140.008.361.984 bytes beschikbaar

.

- - End Of File - - DC003C1D365FC40363FF0B569DFDB291

[kape]

Perfect zo ... hoe staat het nu met MyStart en Incredibar ? Loop je die nog ergens tegen het lijf ?

[boekenwurmpje]

Als ik google chrome opstart nog steeds die rotzooi van mystart en incredibar. In explorer en mozilla firefox blijkbaar niet meer. Wat nu??

[kweezie wabbit]

Start Chrome en klik rechts boven op de moersleutel.

Kies dan voor instellingen en klik dan aan de linkerkant op extenties.

Verwijder daar alles van mystart en incredibar.

Herstart chrome.