text enhance

IABK · 24 juli 2012

Hierbij het logbestand van combofix

ComboFix 12-07-25.04 - V.O.F. Boersma 24-07-2012 22:17:13.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1847 [GMT 2:00]

Gestart vanuit: c:\users\V.O.F. Boersma\Desktop\ComboFix.exe

AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Voorgaande Run -------

.

c:\program files\DealPly

c:\program files\DealPly\DealPly.crx

c:\program files\DealPly\DealPly.xpi

c:\program files\DealPly\icon.ico

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\install.rdf

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css

c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\update.css

c:\windows\system32\system

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-24 to 2012-07-24 ))))))))))))))))))))))))))))))

.

2012-07-24 20:23 . 2012-07-24 20:23 -------- d-----w- c:\users\V.O.F. Boersma\AppData\Local\temp

2012-07-24 20:23 . 2012-07-24 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-23 19:06 . 2012-07-23 19:06 388096 ----a-r- c:\users\V.O.F. Boersma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-23 19:06 . 2012-07-23 19:06 -------- d-----w- c:\program files\Trend Micro

2012-07-14 12:23 . 2012-07-23 18:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-14 12:23 . 2012-07-23 18:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-12 21:55 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-06-26 08:27 . 2012-06-26 08:27 -------- d-----w- c:\program files\Common Files\Adobe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 11:46 . 2012-05-15 08:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-21 06:46 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 06:46 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 06:46 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 06:46 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 06:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 06:46 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 06:46 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-21 06:46 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-21 06:46 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-01 04:44 . 2012-06-13 21:32 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17 . 2012-06-13 21:33 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45 . 2012-06-13 21:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-13 21:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-13 21:32 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-07-18 13:05 . 2011-05-08 19:44 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-10 15:25 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\V.O.F. Boersma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-10-5 66864]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTENG32\2PART\uxddrv86.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]

S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPService REG_MULTI_SZ HPSLPSVC

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:30]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:43]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:43]

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&q=

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - c21550820000000000000015af5d4279

FF - user.js: extensions.BabylonToolbar_i.hardId - c21550820000000000000015af5d4279

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15415

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:49

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23600296910981332684742012031612500825');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '5');

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

AddRemove-FoxTab PDF Creator - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-07-24 22:26:19

ComboFix-quarantined-files.txt 2012-07-24 20:26

.

Pre-Run: 66.873.098.240 bytes beschikbaar

Post-Run: 66.543.067.136 bytes beschikbaar

.

- - End Of File - - A4FBDA02064E8236898481C2657DDD33

kape · 25 juli 2012

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox:

FF - ProfilePath - c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: keyword.URL -

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - c21550820000000000000015af5d4279

FF - user.js: extensions.BabylonToolbar_i.hardId - c21550820000000000000015af5d4279

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15415

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:49

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23600296910981332684742012031612500825');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '5');

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

IABK · 25 juli 2012

Laatste adviezen hoef ik niet meer op te volgen. Ik zit nu een tijdje te internetten en kom geen text enhance meer tegen.

Zelfs nu shockwave flash ingeschakeld is. ik ben hier onwijs blij mee. Heel erg bedankt!

kape · 25 juli 2012

Voor Text Enhance hoef je het laatste advies inderdaad niet te volgen, maar de aangeduide items kunnen beter van je PC gehaald worden. Daarna mag je Combofix verwijderen via Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

25 juli 2012 aangepast door kape
typo

IABK · 25 juli 2012

ComboFix 12-07-25.04 - V.O.F. Boersma 25-07-2012 18:05:59.3.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1465 [GMT 2:00]

Gestart vanuit: c:\users\V.O.F. Boersma\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\V.O.F. Boersma\Desktop\CFScript.txt

AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-25 to 2012-07-25 ))))))))))))))))))))))))))))))

.

2012-07-25 16:11 . 2012-07-25 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-24 20:26 . 2012-07-25 16:11 -------- d-----w- c:\users\V.O.F. Boersma\AppData\Local\temp