
Help.. I want to remove FLV Runner Toolbar - Virus Removal Guide.



Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: TNS NIPO Clicks - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Laus en Elze\AppData\Local\Wakoopa Shared\WakoopaBHO.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

O4 - Global Startup: Acer VCM.lnk = ?

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message, together with a new HijackThis log.


ComboFix 12-10-26.05 - Laus en Elze 27-10-2012 21:38:40.1.4 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.31.1043.18.1012.200 [GMT 2:00]

Gestart vanuit: c:\users\Laus en Elze\Downloads\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Laus en Elze\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

c:\users\Laus en Elze\AppData\Roaming\Error.log

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-27 to 2012-10-27 ))))))))))))))))))))))))))))))

.

.

2012-10-27 19:54 . 2012-10-27 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-27 15:01 . 2012-10-27 15:03 -------- d-----w- c:\program files\trend micro

2012-10-27 15:01 . 2012-10-27 15:03 -------- d-----w- C:\rsit

2012-10-26 18:52 . 2012-10-26 18:52 388096 ----a-r- c:\users\Laus en Elze\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-26 18:52 . 2012-10-26 18:52 -------- d-----w- c:\program files\HiJack

2012-10-25 15:51 . 2012-10-25 15:51 -------- d-----w- c:\users\Laus en Elze\AppData\Local\CRE

2012-10-23 14:41 . 2012-10-23 14:41 -------- d-----w- c:\programdata\MSScanAppDataDir

2012-10-23 14:34 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2012-10-23 14:34 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll

2012-10-18 17:01 . 2012-10-18 17:01 -------- d-----w- c:\users\Laus en Elze\AppData\Roaming\Wakoopa

2012-10-18 17:01 . 2012-10-27 19:04 -------- d-----w- c:\users\Laus en Elze\AppData\Local\Wakoopa Shared

2012-10-18 17:00 . 2012-10-27 19:53 -------- d-----w- c:\users\Laus en Elze\AppData\Local\TNS NIPO Clicks

2012-10-18 16:06 . 2008-10-01 18:01 1995776 ----a-w- c:\windows\system32\vcl120.bpl

2012-10-18 16:06 . 2008-10-01 18:01 1095168 ----a-w- c:\windows\system32\rtl120.bpl

2012-10-18 16:05 . 2012-10-19 12:44 -------- d-----w- c:\programdata\MyPoiWorld

2012-10-18 16:00 . 2012-10-18 16:00 -------- d-----w- c:\program files\Dnote Software

2012-10-11 08:29 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-11 08:27 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-11 08:21 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll

2012-10-11 08:21 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-11 08:21 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-09-29 10:04 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-24 13:43 . 2012-08-24 13:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-08-24 06:59 . 2012-09-25 13:54 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-25 13:54 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-25 13:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-25 13:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-25 13:54 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-25 13:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-22 17:16 . 2012-09-13 09:05 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 17:16 . 2012-09-13 09:05 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 17:16 . 2012-09-13 09:05 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 17:16 . 2012-09-13 09:05 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-02 16:57 . 2012-09-13 09:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-07-31 20:03 . 2012-07-31 20:03 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-31 20:03 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-31 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2009-10-16 08:44 97072 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mobile Partner"="c:\program files\WEB Partner\WEB Partner" [X]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2012-09-13 23069600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]

"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]

"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]

"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-07-01 1103440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 715368]

"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2011-05-10 408128]

"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2011-05-10 508992]

"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2011-05-10 492096]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-31 1147488]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-03-22 1406248]

"NBHGui"="c:\program files\Nero\Tools\InCD\NBHGui.exe" [2009-10-16 1600816]

"InCD"="c:\program files\Nero\Tools\InCD\InCD.exe" [2009-10-16 1060136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2011-4-17 1462272]

Camera Monitor SD.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2012-7-19 541976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Tools\InCD\NBHRegInCDSrv.exe [x]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863504456-2856911146-1323721928-1000Core.job

- c:\users\Laus en Elze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 19:18]

.

2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863504456-2856911146-1323721928-1000UA.job

- c:\users\Laus en Elze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 19:18]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://acer.msn.com

IE: &Verzenden naar OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-TNS NIPO Clicks - c:\users\Laus en Elze\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(2868)

c:\program files\Nero\Tools\InCD\NBHshx.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Nero\Tools\InCD\InCDSrv.exe

c:\program files\Launch Manager\LMutilps32.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Voltooingstijd: 2012-10-27 22:03:01 - machine werd herstart

ComboFix-quarantined-files.txt 2012-10-27 20:03

.

Pre-Run: 265.543.835.648 bytes beschikbaar

Post-Run: 265.561.333.760 bytes beschikbaar

.

- - End Of File - - 99CF2440963A14BA6B1157438F07FD73


Logfile of random's system information tool 1.09 (written by random/random)

Run by Laus en Elze at 2012-10-27 22:12:52

Microsoft Windows 7 Starter Service Pack 1

System drive C: has 253 GB (88%) free of 288 GB

Total RAM: 1012 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:13:10, on 27-10-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laus en Elze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Laus en Elze\Desktop\RSIT.exe

C:\Program Files\trend micro\Laus en Elze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: TNS NIPO Clicks - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Laus en Elze\AppData\Local\Wakoopa Shared\WakoopaBHO.dll (file missing)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

O4 - HKLM\..\Run: [iSyncData] C:\Program Files\Acer\Android Manager\iSync.exe

O4 - HKLM\..\Run: [AndroidManager] C:\Program Files\Acer\Android Manager\AML.exe

O4 - HKLM\..\Run: [iPatchData] C:\Program Files\Acer\Updater\iUpdate.exe

O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Tools\InCD\InCD.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files\WEB Partner\WEB Partner

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe

O4 - Global Startup: Camera Monitor SD.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\InCDSrv.exe

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

--

End of file - 10061 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-863504456-2856911146-1323721928-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-863504456-2856911146-1323721928-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]

AVG Do Not Track - C:\Program Files\AVG\AVG2012\avgdtiex.dll [2012-08-13 938104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll [2012-07-31 2086496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-08-13 4120256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]

Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-06-07 1152264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773}]

TNS NIPO Clicks - C:\Users\Laus en Elze\AppData\Local\Wakoopa Shared\WakoopaBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-06-07 1152264]

{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll [2012-07-31 2086496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-02-11 10025576]

"SuiteTray"=C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]

"EgisTecPMMUpdate"=C:\Program Files\EgisTec IPS\PmmUpdate.exe [2011-03-29 408432]

"EgisUpdate"=C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29 202608]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-01-11 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-01-11 173592]

"Persistence"=C:\Windows\system32\igfxpers.exe [2011-01-11 150552]

"LManager"=C:\Program Files\Launch Manager\LManager.exe [2011-07-01 1103440]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-10-08 1934632]

"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 715368]

"iSyncData"=C:\Program Files\Acer\Android Manager\iSync.exe [2011-05-10 408128]

"AndroidManager"=C:\Program Files\Acer\Android Manager\AML.exe [2011-05-10 508992]

"iPatchData"=C:\Program Files\Acer\Updater\iUpdate.exe [2011-05-10 492096]

"Anti-phishing Domain Advisor"=C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [2012-05-03 217256]

"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-07-31 2596984]

"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-07-31 1147488]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-03-22 1406248]

"NBHGui"=C:\Program Files\Nero\Tools\InCD\NBHGui.exe [2009-10-16 1600816]

"InCD"=C:\Program Files\Nero\Tools\InCD\InCD.exe [2009-10-16 1060136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2012-07-26 247768]

"VoipBuster"=C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe [2012-09-13 23069600]

"Mobile Partner"=C:\Program Files\WEB Partner\WEB Partner []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Bitmeter2.lnk - C:\Program Files\Codebox\BitMeter\BitMeter2.exe

Camera Monitor SD.lnk - C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2010-10-24 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-07-18 203776]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-10-27 22:03:02 ----A---- C:\ComboFix.txt

2012-10-27 21:57:58 ----D---- C:\$RECYCLE.BIN

2012-10-27 21:34:47 ----A---- C:\Windows\zip.exe

2012-10-27 21:34:47 ----A---- C:\Windows\SWSC.exe

2012-10-27 21:34:47 ----A---- C:\Windows\SWREG.exe

2012-10-27 21:34:47 ----A---- C:\Windows\sed.exe

2012-10-27 21:34:47 ----A---- C:\Windows\PEV.exe

2012-10-27 21:34:47 ----A---- C:\Windows\NIRCMD.exe

2012-10-27 21:34:47 ----A---- C:\Windows\MBR.exe

2012-10-27 21:34:47 ----A---- C:\Windows\grep.exe

2012-10-27 21:34:12 ----D---- C:\Qoobox

2012-10-27 21:32:57 ----D---- C:\Windows\erdnt

2012-10-27 17:01:54 ----D---- C:\Program Files\trend micro

2012-10-27 17:01:52 ----D---- C:\rsit

2012-10-26 20:52:06 ----D---- C:\Program Files\HiJack

2012-10-23 16:41:47 ----D---- C:\ProgramData\MSScanAppDataDir

2012-10-23 16:35:09 ----A---- C:\Windows\ODBC.INI

2012-10-23 16:34:49 ----A---- C:\Windows\system32\mdimon.dll

2012-10-18 19:01:21 ----D---- C:\Users\Laus en Elze\AppData\Roaming\Wakoopa

2012-10-18 18:05:53 ----D---- C:\ProgramData\MyPoiWorld

2012-10-18 18:00:07 ----D---- C:\Program Files\Dnote Software

2012-10-11 10:29:04 ----A---- C:\Windows\system32\wintrust.dll

2012-10-11 10:28:58 ----A---- C:\Windows\system32\tzres.dll

2012-10-11 10:28:38 ----A---- C:\Windows\system32\kernel32.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-10-11 10:28:34 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-11 10:28:34 ----A---- C:\Windows\system32\winsrv.dll

2012-10-11 10:28:34 ----A---- C:\Windows\system32\KernelBase.dll

2012-10-11 10:28:34 ----A---- C:\Windows\system32\conhost.exe

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-10-11 10:28:33 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-10-11 10:28:15 ----A---- C:\Windows\system32\cryptsvc.dll

2012-10-11 10:28:15 ----A---- C:\Windows\system32\cryptnet.dll

2012-10-11 10:28:15 ----A---- C:\Windows\system32\crypt32.dll

2012-10-11 10:27:44 ----A---- C:\Windows\system32\drivers\ntfs.sys

2012-10-11 10:21:30 ----A---- C:\Windows\system32\kerberos.dll

2012-10-11 10:21:26 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-10-11 10:21:26 ----A---- C:\Windows\system32\ntkrnlpa.exe

2012-09-29 12:04:48 ----A---- C:\Windows\system32\OxpsConverter.exe

======List of files/folders modified in the last 1 month======

2012-10-27 22:03:08 ----D---- C:\Windows\system32\drivers

2012-10-27 22:03:05 ----D---- C:\Windows\Temp

2012-10-27 21:58:02 ----D---- C:\Windows

2012-10-27 21:58:02 ----A---- C:\Windows\system.ini

2012-10-27 21:57:56 ----D---- C:\Windows\system32\drivers\etc

2012-10-27 21:56:10 ----D---- C:\ProgramData\Bitmeter2

2012-10-27 21:56:00 ----D---- C:\Windows\Microsoft.NET

2012-10-27 21:46:59 ----D---- C:\Windows\System32

2012-10-27 21:46:58 ----D---- C:\Windows\AppPatch

2012-10-27 21:46:54 ----D---- C:\Program Files\Common Files

2012-10-27 19:40:06 ----D---- C:\Windows\system32\config

2012-10-27 19:06:54 ----D---- C:\ProgramData\MFAData

2012-10-27 17:01:54 ----RD---- C:\Program Files

2012-10-27 16:54:14 ----D---- C:\Windows\system32\drivers\AVG

2012-10-27 11:53:41 ----D---- C:\Users\Laus en Elze\AppData\Roaming\Skype

2012-10-26 20:52:09 ----SHD---- C:\Windows\Installer

2012-10-26 20:52:07 ----SD---- C:\Users\Laus en Elze\AppData\Roaming\Microsoft

2012-10-26 20:51:35 ----SHD---- C:\System Volume Information

2012-10-26 19:06:44 ----D---- C:\Windows\system32\catroot2

2012-10-25 23:09:42 ----A---- C:\Windows\win.ini

2012-10-25 23:09:28 ----D---- C:\Program Files\Common Files\System

2012-10-25 15:19:06 ----D---- C:\Windows\system32\NDF

2012-10-23 18:03:03 ----D---- C:\Windows\system32\Tasks

2012-10-23 17:07:55 ----D---- C:\Windows\SHELLNEW

2012-10-23 17:00:07 ----D---- C:\ProgramData\Microsoft Help

2012-10-23 17:00:06 ----RSD---- C:\Windows\assembly

2012-10-23 16:57:47 ----SD---- C:\ProgramData\Microsoft

2012-10-23 16:57:47 ----D---- C:\Program Files\Microsoft Office

2012-10-23 16:57:46 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

2012-10-23 16:57:46 ----D---- C:\Program Files\Common Files\microsoft shared

2012-10-23 16:56:50 ----D---- C:\Program Files\MSBuild

2012-10-23 16:41:47 ----D---- C:\ProgramData

2012-10-23 16:30:38 ----D---- C:\Windows\inf

2012-10-23 16:22:51 ----D---- C:\Windows\system

2012-10-23 16:21:37 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-10-11 14:08:05 ----D---- C:\Windows\winsxs

2012-10-11 14:06:20 ----D---- C:\Windows\system32\nl-NL

2012-10-11 14:06:20 ----D---- C:\Windows\system32\fr-FR

2012-10-11 14:06:20 ----D---- C:\Windows\system32\en-US

2012-10-11 10:46:50 ----D---- C:\Windows\debug

2012-10-11 10:46:37 ----A---- C:\Windows\system32\MRT.exe

2012-10-11 10:27:41 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-06 354840]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]

R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2012-07-26 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2012-08-24 301920]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2012-07-31 27496]

R1 InCDRec;Nero UDF File System Recognizer Driver; C:\Windows\system32\DRIVERS\InCDRec.sys [2009-10-16 19096]

R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-26 21600]

R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-26 16936]

R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-26 62240]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-10-24 4807168]

R3 InCDFs;Nero UDF File System Driver; C:\Windows\system32\DRIVERS\InCDFs.sys [2009-10-16 130200]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-02-11 3396136]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETwNs32.sys [2011-01-04 7435264]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-03-07 252520]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-10-08 1314736]

S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]

S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]

S3 catchme;catchme; \??\C:\Users\LAUSEN~1\AppData\Local\Temp\catchme.sys []

S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2010-03-24 204288]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984]

S3 InCDPass;Nero InCDPass Driver; C:\Windows\system32\DRIVERS\InCDPass.sys [2009-10-16 48280]

S3 mbr;mbr; \??\C:\Users\LAUSEN~1\AppData\Local\Temp\mbr.sys []

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]

R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2011-07-01 353360]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 739944]

R2 GREGService;GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [2011-05-26 29696]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

R2 IconMan_R;IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]

R2 InCDSrv;InCD Helper; C:\Program Files\Nero\Tools\InCD\InCDSrv.exe [2009-10-16 1420592]

R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]

R2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe [2009-10-16 53560]

R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]

R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632]

R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-07-31 830048]

S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]

S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]

S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]

S3 GamesAppService;GamesAppService; C:\Program Files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]

-----------------EOF-----------------


Dear Kape,

I tried to carry out the steps, but you will find a number of the lines again, because I could not get rid of them after several attempts.

The ComboFix log has been sent, but via RSIT I got the log file in Notepad, but not the info. I have just forwarded the log file as well.

However, that damned TOOLBAR is still there.

Can I set AVG up again...?

Regards, Betje.


I could not get rid of the lines below.

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: TNS NIPO Clicks - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Laus en Elze\AppData\Local\Wakoopa Shared\WakoopaBHO.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

Regards, Betje.


Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
  • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
  • When the update is finished and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".
  • Select the option "Diep" (Deep) if it is not already set that way by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a long time, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
  • Make sure that all items found are ticked and then press the button "verwijder geselecteerde" (remove selected). You will now get a message, but click "Ja" (Yes) here.
  • When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
  • Post the contents of this log file in your next message.
  • Now restart the computer.


Sorry, I have to wait for a connection with unlimited internet.

I only have 100 Mb at my disposal per day.

We are travelling in Spain with the camper van and have internet via Carrefour.

Fine for daily use.

At the end of the week we want to go to a camper site with internet. I will have to wait until then.

So far I have great admiration for your help.

I hope I may come back to this at the end of the week.

For now, have a nice Sunday and see you later... regards, Betje.
