buma/stemra politie virus (raar verwijderd)

sjaakie11 · 6 december 2012

ik had avg voor 15mins uitgeschakeld en toen die weer aan ging (tijdens scan) snel uitgezet, tijdens uitzetten gaf die wel melding dat het gevaarlijk was maar ik klikte op ''toestaan'' en hij was al uitgeschakeld.

hier is het logje:

ComboFix 12-12-04.01 - Gonny 06-12-2012 14:48:21.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2172 [GMT 1:00]

Gestart vanuit: c:\users\sjoerd van wijk\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Complitly

c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx

c:\program files (x86)\Complitly\FireFoxExtensionWithFF8Fix.exe

c:\program files (x86)\Complitly\FireFoxUninstaller.exe

c:\program files (x86)\Complitly\InstTracker.exe

c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js

c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js

c:\program files (x86)\Complitly\support@Complitly.com\install.rdf

c:\program files (x86)\Complitly\System.Data.SQLite.dll

c:\program files (x86)\Complitly\unins000.dat

c:\program files (x86)\Complitly\unins000.exe

c:\program files (x86)\DealBulldog Toolbar

c:\program files (x86)\Java\jre7\bin\ssv.dll

c:\program files (x86)\Vid-Saver

c:\program files (x86)\Vid-Saver\Uninstall.exe

c:\program files (x86)\Vid-Saver\Vid-Saver-bg.exe

c:\program files (x86)\Vid-Saver\Vid-Saver.exe

c:\program files (x86)\Vid-Saver\Vid-Saver.ico

c:\program files (x86)\Vid-Saver\Vid-Saver.ini

c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log

c:\users\Gonny\AppData\Local\TempDIR

c:\users\Gonny\AppData\Local\Vid-Saver

c:\users\Gonny\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx

c:\users\sjoerd van wijk\AppData\Local\Microsoft\Windows\Temporary Internet Files\{031641D0-F9EF-4BC8-8CC5-13624FAFED2A}.xps

c:\users\sjoerd van wijk\AppData\Local\Microsoft\Windows\Temporary Internet Files\{26257CC0-29FF-4C83-8D9D-FC614A1381CC}.xps

c:\users\sjoerd van wijk\AppData\Local\Microsoft\Windows\Temporary Internet Files\{660248E9-0C63-4AA1-8B49-B9F18E42F6F2}.xps

c:\users\sjoerd van wijk\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABD742DF-81EB-4B17-B094-7FC40F0A4989}.xps

c:\users\sjoerd van wijk\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C4442303-26D5-4ACB-B761-68E70872AF7E}.xps

c:\users\sjoerd van wijk\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDF95C4E-DBDC-4AD2-9F79-5FBB1DBA3EAE}.xps

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-06 to 2012-12-06 ))))))))))))))))))))))))))))))

.

2012-12-06 13:57 . 2012-12-06 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-06 13:57 . 2012-12-06 13:57 -------- d-----w- c:\users\Rianne van Wijk\AppData\Local\temp

2012-12-06 13:57 . 2012-12-06 13:57 -------- d-----w- c:\users\Gonny\AppData\Local\temp

2012-12-05 22:30 . 2012-12-05 22:30 -------- d-----w- c:\program files\CCleaner

2012-12-05 16:46 . 2012-12-05 20:46 -------- d-----w- c:\program files (x86)\BootRacer

2012-12-05 14:01 . 2012-12-05 14:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-05 14:01 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-20 19:39 . 2012-11-20 19:39 388096 ----a-r- c:\users\sjoerd van wijk\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-20 19:38 . 2012-11-20 19:38 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-18 13:05 . 2012-11-18 13:06 -------- d-----w- c:\program files (x86)\Google

2012-11-18 13:05 . 2012-11-18 13:05 -------- d-----w- c:\users\Gonny\AppData\Local\Apps

2012-11-18 13:04 . 2012-11-18 13:05 -------- d-----w- c:\users\Gonny\AppData\Local\Deployment

2012-11-17 02:10 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui

2012-11-17 02:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-17 02:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-17 02:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-17 02:03 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-17 02:03 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-17 02:03 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-17 02:03 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-17 02:03 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-17 02:03 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-17 02:03 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 14:48 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-16 14:48 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-16 14:48 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-16 14:48 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-11-14 21:29 . 2012-11-14 21:29 388096 ----a-r- c:\users\Gonny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-10 21:08 . 2012-11-10 21:08 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-11-10 21:07 . 2012-11-10 21:07 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-10 10:49 . 2012-11-10 10:49 -------- d-----w- c:\program files (x86)\Java

2012-11-09 21:49 . 2012-11-09 21:49 -------- d-----w- c:\users\Gonny\AppData\Local\ElevatedDiagnostics

2012-11-08 20:50 . 2012-11-08 20:50 -------- d-----w- c:\users\sjoerd van wijk\AppData\Roaming\Malwarebytes

2012-11-08 17:57 . 2012-12-05 13:59 -------- d-----w- c:\users\Gonny\AppData\Roaming\Complitly

2012-11-06 23:25 . 2012-11-06 23:25 -------- d-----w- c:\users\Gonny\AppData\Roaming\Malwarebytes

2012-11-06 23:25 . 2012-11-06 23:25 -------- d-----w- c:\programdata\Malwarebytes

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-10 21:07 . 2012-06-04 14:08 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-11-10 21:07 . 2011-02-06 17:47 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-11-05 14:03 . 2012-08-30 19:36 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-10-16 08:38 . 2012-11-28 14:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 14:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 14:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 14:01 . 2012-05-16 13:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 14:01 . 2012-05-16 13:44 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-15 07:07 . 2011-03-02 17:30 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-09-14 19:19 . 2012-10-10 20:26 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 20:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2012-05-31 200784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_17_Premium_Speciale_Editie_Download-versie\TrayServer_nl.exe" [2008-09-10 90112]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-05 997320]

"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-29 1089608]

.

c:\users\Rianne van Wijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

c:\users\Gonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\users\sjoerd van wijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-22 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-05 30568]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe [2010-03-08 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-02 202752]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 BootRacerServ;BootRacerServ;c:\program files (x86)\BootRacer\BootRacerServ.exe [2012-05-31 65296]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-05 711112]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-04-20 303648]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-08 340512]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-03-11 38456]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 14:01]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18 13:05]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18 13:05]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

2012-07-29 09:23 205144 ----a-w- c:\program files\Web Assistant\Extension64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-08 487424]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\Gonny\AppData\Roaming\Mozilla\Firefox\Profiles\ieum5cih.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb178?a=6R8DkUnbZe&i=26

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10001&q=

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00220/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - 5611f8ee000000000000c0cb386fa688

FF - user.js: extensions.Softonic.instlDay - 15578

FF - user.js: extensions.Softonic.vrsn - 1.6.7.4

FF - user.js: extensions.Softonic.vrsni - 1.6.7.4

FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.413:48

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00220

FF - user.js: extensions.Softonic.dfltLng - nl

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

FF - user.js: extentions.y2layers.installId - 036c48b7-8cf6-4d14-90fd-e6230d2edbef

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,dropdowndeals,twittube

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8DkUnbZe&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 5611f8ee000000000000c0cb386fa688

FF - user.js: extensions.incredibar_i.instlDay - 15579

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:14

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8DkUnbZe

FF - user.js: extensions.incredibar_i.upn2n - 92824952155277320

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 989

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe

AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-12-06 15:02:52

ComboFix-quarantined-files.txt 2012-12-06 14:02

.

Pre-Run: 391.021.096.960 bytes beschikbaar

Post-Run: 394.165.313.536 bytes beschikbaar

.

- - End Of File - - 84C3562CBCE5BA7B231378BFAD5D5448

kweezie wabbit · 6 december 2012

Open een nieuw kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\program files\Web Assistant

c:\users\Gonny\AppData\Roaming\Complitly

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

Firefox::

FF - ProfilePath - c:\users\Gonny\AppData\Roaming\Mozilla\Firefox\Profiles\ieum5cih.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00220/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - 5611f8ee000000000000c0cb386fa688

FF - user.js: extensions.Softonic.instlDay - 15578

FF - user.js: extensions.Softonic.vrsn - 1.6.7.4

FF - user.js: extensions.Softonic.vrsni - 1.6.7.4

FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.413:48

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00220

FF - user.js: extensions.Softonic.dfltLng - nl

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

FF - user.js: extentions.y2layers.installId - 036c48b7-8cf6-4d14-90fd-e6230d2edbef

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,dropdowndeals,twittube

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8DkUnbZe&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 5611f8ee000000000000c0cb386fa688

FF - user.js: extensions.incredibar_i.instlDay - 15579

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:14

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8DkUnbZe

FF - user.js: extensions.incredibar_i.upn2n - 92824952155277320

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 989

Sla dit bestand op je bureaublad op als CFScript

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht

6 december 2012 aangepast door kape
Folder & Registry toegevoegd

sjaakie11 · 6 december 2012

moet ik avg nu uitzetten?

kweezie wabbit · 6 december 2012

Best wel ja.

sjaakie11 · 6 december 2012

ik kan het max 15mins uit zetten, dan moet ik het weer uitzetten (5sec werk), ik heb alleen een snelkoppeling op het bureaublad gekregen, is dit goed? anders kunt u het precies uitleggen hoe dat dan moet :s

kweezie wabbit · 6 december 2012

Je kan AVG ook uitschakelen tot aan de volgende opstart.

Na de scan kan je dan weer inschakelen.

ik heb alleen een snelkoppeling op het bureaublad gekregen,

Snelkoppeling waarvan? Van het bestand CFScript?

Als je het bestand met het scriptje opslaat, moet je als lokatie je bureaublad opgeven.

Lees anders een de handleiding voor het maken van een combofix scriptje.

sjaakie11 · 6 december 2012

oke dat heb ik gedaan, ga nu het erin slepen.

sjaakie11 · 6 december 2012

ik sleep het erin > het begint met scannen > na 1-2mins krijg ik dit:

na 20mins staat dat^ er nog steeds... tewijl de 1ste keer het gewoon door ging.

ik sloot het maar af want dat duurde zo lang, ik wou weer hierheen kreeg ik dit:

alleen door te herstarten kon ik weer op internet.

kape · 6 december 2012

Start de PC opnieuw op een voer hetzelfde met Combofix uit, maar doe het nu in "veilige modus".

sjaakie11 · 6 december 2012

is er een manier om altijd de ''fn'' toets ingeschakeld te hebben? ik las ergens dat dat met numlock moest maar die staat niet op mijn toetsenbord. moet ik als ik op f8 druk tijdens opstarten ook de ''fn'' toets ingedrukt houden of niet? ik ben er niet zeker van of ik nou ik veilige modus zit of niet..

Inloggen

buma/stemra politie virus (raar verwijderd)

Aanbevolen berichten

Link naar reactie

Delen op andere sites

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Geplaatste afbeeldingen

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Welkom op PC Helpforum

Leden statistieken

OVER ONS

SITEMAP

Belangrijke informatie