View full version : Default search engine



Duellum
11 November 2011, 17:56
My default search engine keeps changing from Google to Yahoo. This started after downloading the YouTube Downloader.
Here is my log:

---------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:52:42, on 11/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal


Running processes:
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--
End of file - 7444 bytes

---------------------------------------------------------------------------------------------------------

Thanks in advance,
Duellum
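
The search hijack in the log above is not in the R0/R1 start-page keys (those still point at go.microsoft.com) but in the extension layer: one CLSID, {F3FEE66E-E034-436a-86E4-9690573BEE8A}, is registered at the same time as URLSearchHook (R3), BHO (O2) and toolbar (O3), and Spigot's "Search Settings" runs from an HKLM Run key (O4) with an "Application Updater" service (O23). The script below is an added example for this thread; it is not part of HijackThis or of any post. It parses those HijackThis line formats and flags that pattern. The sample lines are copied from the posted log, except the one line named CONSTRUCTED_HIJACKED_LINE, which is made up to show what an overwritten search URL would trigger. The allowlist of Microsoft hosts, the stock IE search-hook CLSID and the bundler keyword list are assumptions of the example, not a PUP database.

```python
"""Triage HijackThis entries for a browser search hijack.

Added example for this thread; not part of HijackThis or of the posts.
Parses the R0/R1, R3, O2, O3, O4 and O23 line formats HijackThis emits and
flags: non-default start/search URLs, third-party URLSearchHooks, one CLSID
holding several extension roles, and autoruns/services from a bundler.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample entries copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
"""

# Constructed line, NOT in the posted log: what an overwritten search URL
# would look like if the hijack had rewritten the R1 key directly.
CONSTRUCTED_HIJACKED_LINE = (
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL"
    " = http://search.example.invalid/?q="
)

# Hosts IE's stock start/search entries point at (assumed allowlist).
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com", "www.bing.com"}
# Stock IE URL search hook (ieframe.dll); any other R3 hook is third-party.
STOCK_URLSEARCHHOOK = "{CFBFAE00-17A6-11D0-99CB-00C4AA51DA8E}"
# Heuristic keywords taken from this thread's bundler; not a PUP database.
BUNDLER_KEYWORDS = ("spigot", "search settings", "toolbar")

RE_PAGE = re.compile(r"^(?P<kind>R[01]) - (?P<key>.+?),(?P<value>[^,=]+?)\s*=\s*(?P<url>.*)$")
RE_CLSID = re.compile(
    r"^(?P<kind>R3|O2|O3) - (?:URLSearchHook|BHO|Toolbar): (?P<name>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
RE_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_SERVICE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # HijackThis section, or "CLSID" for the cross-section check
    subject: str  # URL, CLSID, autorun name or service name that was flagged
    reason: str


def _bundler_match(text: str) -> bool:
    lowered = text.lower()
    return any(k in lowered for k in BUNDLER_KEYWORDS)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    roles: dict[str, dict[str, str]] = {}  # CLSID -> {section: display name}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_PAGE.match(line):
            url = m["url"].strip()
            parsed = urlparse(url)
            # Skip non-URL values such as ProxyOverride, Local Page or empty keys.
            if parsed.scheme in ("http", "https") and parsed.hostname not in DEFAULT_PAGE_HOSTS:
                findings.append(Finding(m["kind"], url,
                                        f"{m['value']} points at non-default host {parsed.hostname}"))
        elif m := RE_CLSID.match(line):
            clsid = m["clsid"].upper()
            roles.setdefault(clsid, {})[m["kind"]] = m["name"]
            if m["kind"] == "R3" and clsid != STOCK_URLSEARCHHOOK:
                findings.append(Finding("R3", clsid,
                                        f"third-party URLSearchHook '{m['name']}' intercepts address-bar searches"))
        elif m := RE_RUN.match(line):
            if _bundler_match(f"{m['name']} {m['cmd']}"):
                findings.append(Finding("O4", m["name"], f"autorun matches bundler keyword: {m['cmd']}"))
        elif m := RE_SERVICE.match(line):
            if _bundler_match(f"{m['name']} {m['vendor']} {m['path']}"):
                findings.append(Finding("O23", m["name"], f"service from bundler vendor '{m['vendor']}'"))
    # One CLSID holding several extension roles is the usual toolbar/search
    # hijack footprint (legitimate toolbars do it too, so it means "review").
    for clsid, sections in roles.items():
        if len(sections) > 1:
            names = ", ".join(sorted(set(sections.values())))
            findings.append(Finding("CLSID", clsid,
                                    f"one CLSID registered as {'+'.join(sorted(sections))} ({names})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_HIJACKED_LINE):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run on the sample it reports the YouTube Downloader CLSID twice (once as a third-party R3 hook, once for holding O2+O3+R3), the SearchSettings autorun, the Spigot service and the constructed R1 line, and stays silent on the AVG entries and the Microsoft default pages. The keyword list is the weak part: extend it from what you see in a given log rather than treating it as a signature set.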

Juisterr
12 November 2011, 20:34
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.
http://www.imgdumper.nl/uploads4/4de6eab686b90/4de6eab6867f3-Combofix.JPG

1. Disable all antivirus and antispyware programs, as they may otherwise conflict with ComboFix.

* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) is a guide on how to disable them:)

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is active, as this can cause the tool to hang.

* Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion." then restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

Duellum
13 November 2011, 01:23
ComboFix 11-11-12.04 - Sven 13/11/2011 0:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4095.2226 [GMT 1:00]
Running from: c:\users\Sven\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 ))))))))))))))))))))))))))))))
.
.
2011-11-12 23:18 . 2011-11-12 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-12 08:34 . 2011-10-27 08:02 147472 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2011-11-12 08:34 . 2011-11-12 08:34 -------- d-----w- c:\programdata\ESL Wire
2011-11-12 08:11 . 2011-08-03 08:58 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
2011-11-12 08:10 . 2011-08-03 08:58 25528 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2011-11-12 08:10 . 2011-11-12 08:34 -------- d-----w- c:\program files\EslWire
2011-11-11 15:58 . 2011-11-11 15:58 -------- d-----w- c:\programdata\Malwarebytes
2011-11-11 15:58 . 2011-11-11 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-11 15:58 . 2011-11-11 15:58 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-11-11 15:58 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-11 15:43 . 2011-11-11 15:43 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-11 08:19 . 2011-11-11 08:19 -------- d-----w- c:\program files\CCleaner
2011-11-11 07:35 . 2011-11-11 08:21 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-11 07:34 . 2011-11-11 08:22 -------- d-----w- c:\programdata\Apple Computer
2011-11-11 07:34 . 2011-11-11 07:34 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-11-11 07:34 . 2011-11-11 07:34 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-11 07:33 . 2011-11-11 07:33 -------- d-----w- c:\program files\Common Files\Apple
2011-11-11 07:33 . 2011-11-11 07:33 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-11 07:33 . 2011-11-11 07:33 -------- d-----w- c:\program files\Bonjour
2011-11-11 07:33 . 2011-11-11 08:22 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-11-11 07:33 . 2011-11-11 07:34 -------- d-----w- c:\programdata\Apple
2011-11-09 20:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 20:41 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 20:41 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:41 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 10:49 . 2011-11-06 10:50 -------- d-----w- c:\program files (x86)\Google
2011-11-03 19:45 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-11-03 19:45 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-11-03 19:45 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-03 19:45 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-03 19:45 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-10-30 12:08 . 2011-10-30 12:08 -------- d-----w- c:\program files (x86)\Auslogics
2011-10-30 10:14 . 2011-10-30 10:14 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-10-30 02:20 . 2011-10-30 02:20 -------- d-----w- c:\windows\SysWow64\Wat
2011-10-30 02:20 . 2011-10-30 02:20 -------- d-----w- c:\windows\system32\Wat
2011-10-30 01:16 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-30 01:16 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-10-30 01:14 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-10-30 01:07 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-30 01:07 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-30 01:07 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-30 01:07 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-30 01:07 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-30 01:07 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-10-30 01:07 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-10-29 21:40 . 2011-10-29 21:40 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-10-29 19:02 . 2011-10-29 19:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-10-29 19:02 . 2011-10-29 19:02 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-29 15:28 . 2011-10-29 15:28 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-10-29 15:28 . 2011-11-12 16:51 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-29 15:28 . 2011-10-29 17:44 -------- d-----w- c:\programdata\AVG2012
2011-10-29 15:27 . 2011-10-29 15:27 -------- d-----w- c:\program files (x86)\AVG
2011-10-29 15:25 . 2011-10-29 15:25 -------- d--h--w- c:\programdata\Common Files
2011-10-29 15:25 . 2011-11-12 16:51 -------- d-----w- c:\programdata\MFAData
2011-10-29 15:22 . 2007-05-07 16:19 85504 ----a-w- c:\windows\SysWow64\DeathAdder64.cpl
2011-10-29 15:22 . 2010-09-30 22:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-10-29 15:22 . 2010-09-29 18:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-10-29 15:22 . 2010-04-19 15:04 12032 ----a-w- c:\windows\system32\drivers\dadder.sys
2011-10-29 15:22 . 2011-10-29 15:22 -------- d-----w- c:\program files (x86)\Razer
2011-10-29 14:58 . 2011-11-12 19:15 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-29 14:57 . 2011-11-05 17:31 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-10-29 14:57 . 2011-10-29 14:57 -------- d-----w- c:\programdata\EA Core
2011-10-29 14:51 . 2011-10-29 14:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-10-29 14:51 . 2011-10-29 14:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-10-29 14:51 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-10-29 14:44 . 2011-10-29 14:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-10-29 12:29 . 2011-10-29 12:29 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-10-29 12:28 . 2011-11-12 19:15 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-29 12:28 . 2011-11-12 19:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-29 12:28 . 2011-10-29 12:28 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-29 11:30 . 2011-10-29 12:19 -------- d-----w- c:\program files (x86)\StarCraft II
2011-10-29 11:30 . 2011-10-29 11:47 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-10-29 11:30 . 2011-10-29 11:46 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-10-29 11:25 . 2011-10-29 19:49 -------- d-----w- c:\program files (x86)\Origin Games
2011-10-29 11:25 . 2011-10-29 14:57 -------- d-----w- c:\programdata\Electronic Arts
2011-10-29 11:25 . 2011-10-29 14:57 -------- d-----w- c:\programdata\Origin
2011-10-29 11:24 . 2011-11-12 08:31 -------- d-sh--w- c:\windows\Installer
2011-10-29 11:24 . 2011-11-10 17:16 -------- d-----w- c:\program files (x86)\Origin
2011-10-29 11:23 . 2011-10-29 10:44 -------- d-----w- c:\windows\Panther
2011-10-29 11:21 . 2011-11-12 08:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-29 11:21 . 2011-10-29 11:21 -------- d-----w- c:\windows\SysWow64\Macromed
2011-10-29 11:21 . 2011-10-29 11:21 -------- d-----w- c:\windows\system32\Macromed
2011-10-29 11:14 . 2011-10-29 11:14 -------- d-----w- C:\Windows.old
2011-10-29 11:12 . 2011-10-29 11:12 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2011-10-29 11:12 . 2011-10-29 11:12 -------- d-----w- c:\windows\system32\wbem\en-US
2011-10-29 11:00 . 2011-10-29 11:00 -------- d-----w- c:\programdata\ATI
2011-10-29 11:00 . 2011-10-29 11:00 -------- d-----w- c:\programdata\AMD
2011-10-29 10:59 . 2011-10-29 10:59 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-10-29 10:59 . 2011-10-29 11:00 -------- d-----w- c:\program files\ATI Technologies
2011-10-29 10:59 . 2011-10-29 10:59 -------- d-----w- c:\program files\ATI
2011-10-29 10:56 . 2011-10-29 15:22 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-10-29 10:56 . 2011-10-29 11:18 -------- d--h--w- c:\program files (x86)\Temp
2011-10-29 10:56 . 2011-10-29 10:56 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-10-29 10:44 . 2011-10-29 14:49 -------- d-----w- c:\users\Sven
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\users\Default\Sjablonen
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\users\Default\Mijn documenten
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\users\Default\Menu Start
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\programdata\Sjablonen
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\programdata\Menu Start
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\programdata\Favorieten
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\programdata\Documenten
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-sh--we c:\programdata\Bureaublad
2011-10-29 10:29 . 2011-10-29 10:29 -------- d--h--w- c:\programdata\CanonBJ
2011-10-29 10:29 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2011-10-29 10:28 . 2011-10-29 10:28 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-22 11:21 . 2011-10-22 11:21 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 05:23 . 2011-10-07 05:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-09-13 04:30 . 2011-09-13 04:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2011-10-27 2857984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-07 365568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-08-03 168864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESLWIREAC
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 10:49]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 10:49]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2070816034-1129791382-1893503777-1001Core.job
- c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-01 13:55]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2070816034-1129791382-1893503777-1001UA.job
- c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-01 13:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.130.131.3 195.130.130.131
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-13 00:20:19
ComboFix-quarantined-files.txt 2011-11-12 23:20
.
Pre-Run: 41.466.040.320 bytes free
Post-Run: 41.788.719.104 bytes free
.
- - End Of File - - EE9B4041CDDB77F03A70B59A5D5E5908
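
One detail in the ComboFix log above deserves more attention than the toolbar itself: the policies\system block lists EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which means User Account Control was switched off entirely, so any installer the user ran got full administrator rights without a consent prompt. The script below is an added example for this thread (not part of ComboFix or of the posts): it parses the REGEDIT4-style blocks ComboFix prints under its registry loading points and reports the UAC values that differ from the Windows 7 defaults. The excerpt is copied from the log; the baseline values are the documented Windows 7 out-of-the-box settings, stated here as the assumption the check compares against.

```python
"""Report UAC policy values in a ComboFix log that differ from Windows 7 defaults.

Added example for this thread; not part of ComboFix or of the posts.
"""
from __future__ import annotations

import re

# Excerpt copied from the ComboFix log above: the policies\system block plus
# two neighbouring keys, to show the parser ignoring non-DWORD values.
SAMPLE_COMBOFIX_SECTION = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
"""

# Windows 7 out-of-the-box values for the UAC policies ComboFix prints
# (assumed baseline for this example).
UAC_BASELINE = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
POLICY_KEY_SUFFIX = r"\microsoft\windows\currentversion\policies\system"

RE_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints DWORDs either as 'decimal (0xhex)' or as a bare '0xhex'.
RE_DWORD = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:\d+\s*\()?(?P<hex>0x[0-9A-Fa-f]+)\)?$')


def parse_reg_blocks(text: str) -> dict[str, dict[str, int]]:
    """Map each [key] header (lower-cased) to the DWORD values listed under it."""
    blocks: dict[str, dict[str, int]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_KEY.match(line):
            current = m["key"].lower()
            blocks.setdefault(current, {})
        elif current is not None and (m := RE_DWORD.match(line)):
            blocks[current][m["name"]] = int(m["hex"], 16)
    return blocks


def uac_deviations(text: str) -> dict[str, tuple[int, int]]:
    """Return {policy: (observed, baseline)} for UAC values off the Win7 default."""
    blocks = parse_reg_blocks(text)
    policy = next((v for k, v in blocks.items() if k.endswith(POLICY_KEY_SUFFIX)), {})
    return {name: (policy[name], default) for name, default in UAC_BASELINE.items()
            if name in policy and policy[name] != default}


if __name__ == "__main__":
    for name, (seen, default) in uac_deviations(SAMPLE_COMBOFIX_SECTION).items():
        print(f"{name}: {seen} (default {default})")
```

On the excerpt it reports all three baseline values as 0; ConsentPromptBehaviorUser=3 is the default and is not in the baseline, so it is not reported. Re-enabling UAC after a cleanup like this is at least as important as removing the toolbar.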

Juisterr
13 November 2011, 13:33
How are things with the problems?

Duellum
13 November 2011, 16:10
How are things with the problems?

I think everything is in order. I also removed something called "spigot" via CCleaner. Everything seems OK now.

Juisterr
13 November 2011, 18:58
Remove ComboFix: copy the command below with (Ctrl + C):
Combofix /Uninstall (note!!! the space before /Uninstall)

Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.
This removes ComboFix as well as your old System Restore points (with any remnants of malware), and creates a new System Restore point.
http://www.imgdumper.nl/uploads4/4e4e40e012008/4e4e40e01106d-cfu.jpg

CCleaner
Download CCleaner Slim (http://www.filehippo.com/download_ccleaner/)
Install CCleaner and start it.

Click Cleaner in the left column.
Click Analyze and then Run Cleaner.
Then click Registry in the left column and click Scan for Issues.
If issues are found, click Fix selected issues and OK.
You will then be asked to make a backup; click YES, and then choose Fix All Selected Issues.
Then close CCleaner.



To avoid re-infection, you can read these tips:
How do I prevent a new infection? (http://users.telenet.be/marcvn/spyware/1564073.htm)