Chrome problems

  • Chrome problems

    Hello everyone,

    Google Chrome has recently appeared in my startup list. I think since a Java update.
    If I remove it, it is back in there after a restart.

    It also seems to slow down my PC. I made a Hijack log with WinPatrol; I hope
    someone knows what to do. Thanks in advance.

  • #2
    Hi diamant and welcome to the Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:
    • Only log in as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not polite towards the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions that I give.
    • Only follow the advice that I give.
    • Stay with the topic until I have reported that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not try something "else"; that only makes it more difficult for us.
    • Please turn off your emoticons (smileys) when you post logs. ( INFO )
    • Please do not post the logs as an attachment or between code tags.

    Note: Always run all tools as admin.
    The instructions given are valid only for your PC.

    Once you have read and understood these guidelines, you may continue.....



    Step 1:

    Scanning for and removing malware....

    If you already have MBAM on your PC, you of course do not need to download it.

    Download Malwarebytes Anti-Malware to your desktop.

    Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure you get a screen where you have to click "Voltooien" (Finish).
    If you do not wish to evaluate MBAM, uncheck the first option and only then click "Voltooien".

    After the installation, make sure there is a check mark next to:
    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Voltooien". If an update is found, it will be downloaded and installed.



    Once the program has started, go to the "Instellingen" (Settings) tab.
    • Check here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "VOLLEDIGE Scan" (FULL scan).
    • Then press "Scannen" (Scan) to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Bekijk Resultaten" (View Results) to see the results.
    • Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
    • After removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, do so.
    After you have restarted, run a new quick scan with MBAM.
    In that case you post both logs. So a second "quick scan" log only if the FULL scan found "something".

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Checking for bad toolbars...

    Download AdwCleaner by Xplode to your desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Clean

    All icons disappear from the desktop; this is normal.
    Your PC is restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the forum.

    I only need the log from after the "Clean" option.

    Do not forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again.
    AdwCleaner resets it to Google.com by default.
    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If script execution is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    You do not need to post the contents of Attach.txt, and do not add Attach.txt as an attachment to your post unless I ask for it.


    ___________________________________________________________

    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Place its contents in your next reply.


    In your next post I would like to see the following logs, made in the order listed:
    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In multiple posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Hello, I believe I have done everything, not in one go; I went to bed after MBAM and continued with the rest today. I understand I have to post everything as text.
      Mbam:

      Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2014.06.19.08

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.17126
      Yvonne :: YVONNE-PC [administrator]

      Bescherming: Ingeschakeld

      19-6-2014 21:13:37
      mbam-log-2014-06-19 (21-13-37).txt

      Scan type: Volledige scan (C:\|D:\|F:\|Z:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 369991
      Verstreken tijd: 30 minuut/minuten, 22 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 2
      HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Geen actie ondernomen.
      HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Geen actie ondernomen.

      Registerwaarden gedetecteerd: 1
      HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0X2O1C0R2R1R -> Geen actie ondernomen.

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 10
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro\Version 6.1 (PUP.Optional.RegCleanerPro.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\STG (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

      Bestanden gedetecteerd: 22
      C:\ProgramData\COMODO\Cis\Quarantine\data\{2A649239-A1F8-4A0B-A496-897DB86BC331} (PUP.Optional.BundleInstaller.A) -> Geen actie ondernomen.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{6545A229-DB13-4237-AACB-E7215794520F} (PUP.Optional.BundleInstaller.A) -> Geen actie ondernomen.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{6836FA96-C752-4921-B5F8-25F00BD90604} (PUP.Optional.Melondrea.A) -> Geen actie ondernomen.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{7567FEF6-54F7-4E01-8AD4-B18D83B25C16} (PUP.Optional.Solimba) -> Geen actie ondernomen.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{F844A0CB-86DA-4C03-A359-6DC1C09F2C2B} (PUP.Optional.Solimba) -> Geen actie ondernomen.
      F:\Back-up 31-01-2014\Downloads\SoftonicDownloader_voor_vlc-media-player.exe (PUP.Optional.Softonic.A) -> Geen actie ondernomen.
      F:\Downloads\SoftonicDownloader_voor_vlc-media-player.exe (PUP.Optional.Softonic.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\bl.txt (PUP.Optional.RegCleanerPro.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Dutch_rcp.dat (PUP.Optional.RegCleanerPro.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_02-06-2014.log (PUP.Optional.RegCleanerPro.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Users\Yvonne\AppData\Local\SearchProtect\UI\rep\UIRepository.dat (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.
      C:\Program Files\Malwarebytes Anti-Malware 2014\Keygen for v2.0.1.1004.zip (Dont.Steal.Our.Software) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{047524F2-4655-401A-A6A1-BE281EC7F087} (Dont.Steal.Our.Software) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{07C9C22F-24DD-4FB0-A364-FEF172C69F73} (Dont.Steal.Our.Software) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{0D4C38CF-56A7-4617-B340-79A64739332B} (Dont.Steal.Our.Software) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{6CC30BE1-D8BA-4350-96C7-442CBF56030A} (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{9A9331A9-79C1-47CD-A7B7-9930ABD68126} (Dont.Steal.Our.Software) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{D8EC3C29-844C-45A2-A456-55579B34A82C} (Dont.Steal.Our.Software) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\ProgramData\COMODO\Cis\Quarantine\data\{DD1F0355-0A91-4A5A-AE05-11E08E5B8C9D} (Dont.Steal.Our.Software) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)

      Mbam2:

      Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2014.06.19.08

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.17126
      Yvonne :: YVONNE-PC [administrator]

      Bescherming: Ingeschakeld

      19-6-2014 21:46:11
      mbam-log-2014-06-19 (21-46-11).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 247191
      Verstreken tijd: 3 minuut/minuten, 16 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 2
      HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Succesvol in quarantaine geplaatst en verwijderd.

      Registerwaarden gedetecteerd: 1
      HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0X2O1C0R2R1R -> Succesvol in quarantaine geplaatst en verwijderd.

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 10
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro\Version 6.1 (PUP.Optional.RegCleanerPro.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\STG (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

      Bestanden gedetecteerd: 7
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\bl.txt (PUP.Optional.RegCleanerPro.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Dutch_rcp.dat (PUP.Optional.RegCleanerPro.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_02-06-2014.log (PUP.Optional.RegCleanerPro.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Yvonne\AppData\Local\SearchProtect\UI\rep\UIRepository.dat (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)

      Adwcleaner:

      # AdwCleaner v3.212 - Rapport aangemaakt 20/06/2014 op 09:21:02
      # Laatste Update 05/06/2014 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruikersnaam : Yvonne - YVONNE-PC
      # Gestart vanuit : D:\Downloads\adwcleaner_3.212.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\Program Files (x86)\BrowseMark
      Map Verwijderd : C:\Program Files (x86)\Mobogenie
      Map Verwijderd : C:\Program Files (x86)\RegClean Pro
      Map Verwijderd : C:\Program Files (x86)\System Speedup
      Map Verwijderd : C:\Users\Yvonne\AppData\Local\Mobogenie
      Map Verwijderd : C:\Users\Yvonne\AppData\Local\SwvUpdater
      Map Verwijderd : C:\Users\Yvonne\AppData\Roaming\1H1Q
      Map Verwijderd : C:\Users\Yvonne\AppData\Roaming\AppCloudUpdater
      Map Verwijderd : C:\Users\Yvonne\AppData\Roaming\AppSafe
      Map Verwijderd : C:\Users\Yvonne\AppData\Roaming\System Speedup
      Map Verwijderd : C:\Users\Yvonne\AppData\Roaming\Systweak
      Map Verwijderd : C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppSafe
      Bestand Verwijderd : C:\Users\Yvonne\daemonprocess.txt

      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKCU\Software\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-mail[1]_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-mail[1]_RASMANCS
      Sleutel Verwijderd : HKCU\Software\UpdateStar

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17126


      -\\ Mozilla Firefox v28.0 (nl)

      [ Bestand : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\79gfrloi.default\prefs.js ]


      [ Bestand : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\d985e5yy.default\prefs.js ]

      Regel verwijderd : user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.85\",\"d\":\"060614\"},\"h\":{\"pogo.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/connect\\\\.facebook\\\\.net\\\\/en_US\\\\/all\\\\.js$/i\"]}]}
      Regel verwijderd : user_pref("extensions.trusted-ads.serpInject", "{\"u\":{\"v\":\"2.71\",\"d\":\"050714\"},\"l\":\"hxxp://search.adtrustmedia.com/search_safecontent.php\",\"e\":[{\"u\":\"hxxp://ads.adtrustmedia.com/con
      Regel verwijderd : user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%20%7B%0A%09de
      Regel verwijderd : user_pref("extensions.trusted-ads.suggestions", "{\"u\":{\"v\":\"1.19\",\"d\":\"041614\"},\"t\":\"Verified Official Site\",\"s\":[{\"k\":\"amaz\",\"t\":\"amazon.com\",\"v\":\"www.amazon.com\",\"s\":\"

      [ Bestand : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\q8fdxvl9.default\prefs.js ]


      -\\ Google Chrome v35.0.1916.153

      [ Bestand : C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      Verwijderd [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4D6CDA6F-BA2E-477F-BB62-4229A18A76B7&q={searchTerms}&SSPV=
      Verwijderd [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=68dc0c2800000000000000158336c342
      Verwijderd [Search Provider] : hxxp://nl.softonic.com/s/{searchTerms}
      Verwijderd [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4D6CDA6F-BA2E-477F-BB62-4229A18A76B7&SSPV=
      Verwijderd [Extension] : bopakagnckmlgajfccecajhnimjiiedh
      Verwijderd [Extension] : cmaiofennmphjldldcpphcechfnnohja

      *************************

      AdwCleaner[R0].txt - [3473 octets] - [20/06/2014 09:16:39]
      AdwCleaner[S0].txt - [3802 octets] - [20/06/2014 09:21:02]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3862 octets] ##########

      end

      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
      Run by Yvonne at 9:27:16 on 2014-06-20
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7845.5564 [GMT 2:00]
      .
      AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
      FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
      C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe
      C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
      C:\Program Files\COMODO\COMODO Internet Security\cis.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
      C:\PROGRAM FILES (X86)\INTEL\INTEL(R) USB 3.0 EXTENSIBLE HOST CONTROLLER DRIVER\APPLICATION\IUSB3MON.EXE
      C:\Windows\system32\sppsvc.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://google.com/
      uSearch Bar = Preserve
      mWinlogon: Userinit = userinit.exe,
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
      uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
      uRun: [GoogleChromeAutoLaunch_96F5D6001B278CB9FAF90ECF2CB8F414] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      StartupFolder: C:\Users\Yvonne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
      TCP: NameServer = 10.221.121.141
      TCP: Interfaces\{4E4E62AB-82B0-4D61-B976-AD2DF59EB9AD} : DHCPNameServer = 10.221.121.141
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      SSODL: WebCheck - <orphaned>
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
      x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\d985e5yy.default\
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
      R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
      R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 738472]
      R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48360]
      R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-4-24 2135232]
      R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-6-19 418376]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-6-19 701512]
      R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2014-1-30 246488]
      R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-4-18 4972864]
      R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
      R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
      R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-7-18 129224]
      R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
      R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
      R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-19 25928]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
      S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 2264280]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-13 111616]
      S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-8 452088]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-1 19456]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
      S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-1 30208]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-1 1255736]
      .
      =============== Created Last 30 ================
      .
      2014-06-20 07:16:49 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
      2014-06-20 07:15:42 -------- d-----w- C:\AdwCleaner
      2014-06-19 19:12:53 -------- d--h--w- C:\OneDriveTemp
      2014-06-19 19:11:09 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Malwarebytes
      2014-06-19 19:11:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2014-06-19 19:11:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2014-06-01 09:01:33 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\DropboxMaster
      2014-05-22 12:33:36 -------- d-----w- C:\Users\Yvonne\AppData\Local\Comodo
      2014-05-22 12:33:34 57096 ----a-w- C:\Windows\System32\certsentry.dll
      2014-05-22 12:33:34 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
      2014-05-22 12:33:29 -------- d-----w- C:\Program Files (x86)\Comodo
      .
      ==================== Find3M ====================
      .
      2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
      2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
      2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
      2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
      2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
      2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-05-14 08:06:04 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-05-14 08:06:04 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
      2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
      2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
      2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
      2014-04-16 21:12:56 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
      2014-04-16 21:12:55 738472 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
      2014-04-16 21:12:55 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
      2014-04-14 18:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
      2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
      2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
      2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
      2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
      2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
      2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
      2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
      2014-03-31 12:43:23 40720 ----a-w- C:\Windows\System32\Partizan.exe
      2014-03-31 12:41:33 2 --shatr- C:\Windows\winstart.bat
      2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
      2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
      2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
      2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
      2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
      2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
      2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
      2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
      2014-03-25 19:22:37 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
      2014-03-25 19:22:36 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
      2014-03-25 19:22:35 453680 ----a-w- C:\Windows\System32\guard64.dll
      2014-03-25 19:22:29 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
      2014-03-25 19:22:28 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
      2014-03-25 19:22:25 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
      2014-03-25 19:22:23 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
      .
      ============= FINISH: 9:27:50,97 ===============

      Security check:

      Results of screen317's Security Check version 0.99.85
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      COMODO Antivirus
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Java 7 Update 55
      Java version out of Date!
      Adobe Flash Player 13.0.0.214 Flash Player out of Date!
      Adobe Reader XI
      Mozilla Firefox (28.0)
      Google Chrome 35.0.1916.114
      Google Chrome 35.0.1916.153
      ````````Process Check: objlist.exe by Laurent````````
      WinPatrol winpatrol.exe
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      Comodo Firewall cmdagent.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      BillP Studios WinPatrol WinPatrol.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 2%
      ````````````````````End of Log``````````````````````


      I hope it's all right like this.... thanks!!



      • #4
        You may first update the following tools; exactly how to do this is explained in the links:
        Restart your PC afterwards.


        Download or update CCleaner

        Start CCleaner.
        • Run CCleaner and click Options in the left column
        • Select the Advanced tab
        • Untick Only delete files in Windows Temp folders older than 24 hours
        • Select the Settings tab
        • Untick "Automatically clean the computer...."
        • Click Cleaner in the left column.
        • Then click Analyze and Clean in succession.
        • Next, click Registry in the left column
        • Click Scan for Issues.
        • When asked whether you want to make a backup of the registry, click "Yes".
        • If errors are found, click the middle button: Fix all selected issues and OK



        Download Combofix to your desktop.
        (So not to a download folder or temp folder)

        Extra note... Make sure your security software is disabled while using Combofix.
        This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

        Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

        Close ALL windows, including your browser, and let Combofix do its work undisturbed.
        So do not open any other applications until Combofix has presented the log.

        If Combofix asks for an update, allow it.

        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
        You can find it as C:\combofix.txt.

        Post the Combofix log together with a new DDS log in your next reply.

        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
        • Illegal operation attempted on a registry key that has been marked for deletion.


        • #5
          Combofix and DDS log

          Hello, I ran the programs, these are the logs. I hope I did everything correctly. Regards

          ComboFix 14-06-19.01 - Yvonne 20-06-2014 20:59:58.2.4 - x64
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7845.6096 [GMT 2:00]
          Gestart vanuit: d:\downloads\ComboFix.exe
          AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
          FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
          SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          .
          .
          (((((((((((((((((((( Bestanden Gemaakt van 2014-05-20 to 2014-06-20 ))))))))))))))))))))))))))))))
          .
          .
          2014-06-20 19:03 . 2014-06-20 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
          2014-06-20 18:38 . 2014-06-20 18:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-06-20 18:38 . 2014-06-20 18:38 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
          2014-06-20 18:38 . 2014-06-20 18:38 -------- d-----w- c:\windows\system32\Macromed
          2014-06-20 07:16 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
          2014-06-20 07:15 . 2014-06-20 07:21 -------- d-----w- C:\AdwCleaner
          2014-06-19 19:12 . 2014-06-19 19:12 -------- d-----w- C:\OneDriveTemp
          2014-06-19 19:11 . 2014-06-19 19:11 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Malwarebytes
          2014-06-01 09:01 . 2014-06-20 18:51 -------- d-----w- c:\users\Yvonne\AppData\Roaming\DropboxMaster
          2014-05-22 12:33 . 2014-05-22 12:33 -------- d-----w- c:\users\Yvonne\AppData\Local\Comodo
          2014-05-22 12:33 . 2014-05-22 12:33 57096 ----a-w- c:\windows\system32\certsentry.dll
          2014-05-22 12:33 . 2014-05-22 12:33 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
          2014-05-22 12:33 . 2014-05-22 12:33 -------- d-----w- c:\program files (x86)\Comodo
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2014-06-13 14:06 . 2014-02-01 10:17 95414520 ----a-w- c:\windows\system32\MRT.exe
          2014-04-16 21:12 . 2013-09-24 09:54 105552 ----a-w- c:\windows\system32\drivers\inspect.sys
          2014-04-16 21:12 . 2013-09-24 09:54 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
          2014-04-16 21:12 . 2013-11-14 10:38 738472 ----a-w- c:\windows\system32\drivers\cmdguard.sys
          2014-04-16 21:12 . 2013-09-24 09:54 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
          2014-04-12 02:22 . 2014-05-15 10:21 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
          2014-04-12 02:22 . 2014-05-15 10:21 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
          2014-04-12 02:19 . 2014-05-15 10:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
          2014-04-12 02:19 . 2014-05-15 10:21 136192 ----a-w- c:\windows\system32\sspicli.dll
          2014-04-12 02:19 . 2014-05-15 10:21 28160 ----a-w- c:\windows\system32\secur32.dll
          2014-04-12 02:19 . 2014-05-15 10:21 1460736 ----a-w- c:\windows\system32\lsasrv.dll
          2014-04-12 02:19 . 2014-05-15 10:21 31232 ----a-w- c:\windows\system32\lsass.exe
          2014-04-12 02:12 . 2014-05-15 10:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
          2014-04-12 02:10 . 2014-05-15 10:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
          2014-03-31 12:43 . 2014-03-31 12:43 40720 ----a-w- c:\windows\system32\Partizan.exe
          2014-03-31 12:41 . 2014-03-31 12:41 2 --shatr- c:\windows\winstart.bat
          2014-03-25 19:22 . 2013-11-14 10:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
          2014-03-25 19:22 . 2013-09-24 09:53 363504 ----a-w- c:\windows\SysWow64\guard32.dll
          2014-03-25 19:22 . 2013-09-24 09:53 453680 ----a-w- c:\windows\system32\guard64.dll
          2014-03-25 19:22 . 2013-09-24 09:53 352984 ----a-w- c:\windows\system32\cmdvrt64.dll
          2014-03-25 19:22 . 2013-09-24 09:53 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
          2014-03-25 19:22 . 2013-09-24 09:53 284888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
          2014-03-25 19:22 . 2013-09-24 09:53 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
          2014-03-25 02:43 . 2014-05-15 10:20 14175744 ----a-w- c:\windows\system32\shell32.dll
          .
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
          2014-04-18 10:20 948392 ----a-w- c:\program files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
          @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
          [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
          2014-06-19 19:04 233160 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\SkyDriveShell.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
          @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
          [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
          2014-06-19 19:04 233160 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\SkyDriveShell.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
          @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
          [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
          2014-06-19 19:04 233160 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\SkyDriveShell.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
          @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
          2014-05-28 23:44 131248 ----a-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
          @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
          2014-05-28 23:44 131248 ----a-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
          @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
          2014-05-28 23:44 131248 ----a-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2014-03-22 527936]
          "GoogleChromeAutoLaunch_96F5D6001B278CB9FAF90ECF2CB8F414"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
          .
          c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          Dropbox.lnk - c:\users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-6-1 33322976]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 5 (0x5)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableUIADesktopToggle"= 0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
          "LoadAppInit_DLLs"=1 (0x1)
          .
          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
          R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
          R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
          R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
          R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
          R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
          R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
          R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
          S0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
          S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
          S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
          S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
          S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
          S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
          S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
          S3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
          S3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
          S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
          S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
          S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
          S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
          .
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
          2014-06-20 18:48 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
          .
          Inhoud van de 'Gedeelde Taken' map
          .
          2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20 18:38]
          .
          2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31 12:03]
          .
          2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31 12:03]
          .
          .
          --------- X64 Entries -----------
          .
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
          @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
          [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
          2014-06-19 19:04 260808 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\SkyDriveShell64.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
          @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
          [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
          2014-06-19 19:04 260808 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\SkyDriveShell64.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
          @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
          [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
          2014-06-19 19:04 260808 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\SkyDriveShell64.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
          @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
          [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
          2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
          @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
          [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
          2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
          @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
          [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
          2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
          @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
          [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
          2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
          @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
          [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
          2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-26 13636824]
          "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]
          .
          ------- Bijkomende Scan -------
          .
          uLocal Page = c:\windows\system32\blank.htm
          uStart Page = hxxp://google.com/
          mLocal Page = c:\windows\SysWOW64\blank.htm
          IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - c:\program files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
          TCP: DhcpNameServer = 10.221.121.141
          FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\d985e5yy.default\
          .
          .
          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
          .
          [HKEY_USERS\S-1-5-21-3513207872-1912893944-3790711704-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
          @Denied: (2) (LocalSystem)
          "Progid"="WindowsLiveMail.Email.1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
          "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
          00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]
          "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
          00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]
          "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
          00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]
          "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
          00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
          "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
          00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
          "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
          00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
          .
          Voltooingstijd: 2014-06-20 21:05:29
          ComboFix-quarantined-files.txt 2014-06-20 19:05
          ComboFix2.txt 2014-06-20 15:50
          .
          Pre-Run: 76.940.959.744 bytes beschikbaar
          Post-Run: 76.508.024.832 bytes beschikbaar
          .
          - - End Of File - - 736130A692A12AA7A0114930556B0D89
          A36C5E4F47E84449FF07ED3517B43A31


          end

          DDS (Ver_2012-11-20.01) - NTFS_AMD64
          Internet Explorer: 11.0.9600.17126
          Run by Yvonne at 21:14:17 on 2014-06-20
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7845.6497 [GMT 2:00]
          .
          AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
          FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
          .
          ============== Running Processes ===============
          .
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          C:\Windows\system32\svchost.exe -k RPCSS
          C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\svchost.exe -k netsvcs
          C:\Windows\system32\svchost.exe -k GPSvcGroup
          C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
          C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          C:\Windows\system32\taskhost.exe
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\Dwm.exe
          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
          C:\Windows\Explorer.EXE
          C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
          C:\Windows\system32\svchost.exe -k imgsvc
          C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
          C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
          C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
          C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
          C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
          C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
          C:\Windows\system32\SearchIndexer.exe
          C:\Program Files\COMODO\COMODO Internet Security\cis.exe
          C:\PROGRAM FILES (X86)\INTEL\INTEL(R) USB 3.0 EXTENSIBLE HOST CONTROLLER DRIVER\APPLICATION\IUSB3MON.EXE
          C:\Windows\system32\sppsvc.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Windows\System32\cscript.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://google.com/
          BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
          uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
          mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          StartupFolder: C:\Users\Yvonne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe
          uPolicies-Explorer: NoDrives = dword:0
          mPolicies-Explorer: NoDrives = dword:0
          mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
          mPolicies-System: ConsentPromptBehaviorUser = dword:3
          mPolicies-System: EnableUIADesktopToggle = dword:0
          IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
          TCP: NameServer = 10.221.121.141
          TCP: Interfaces\{4E4E62AB-82B0-4D61-B976-AD2DF59EB9AD} : DHCPNameServer = 10.221.121.141
          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
          SSODL: WebCheck - <orphaned>
          mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
          x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
          x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
          x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
          x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
          x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
          x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
          x64-Notify: igfxcui - igfxdev.dll
          x64-SSODL: WebCheck - <orphaned>
          .
          ================= FIREFOX ===================
          .
          FF - ProfilePath - C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\d985e5yy.default\
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
          R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
          R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 738472]
          R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48360]
          R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-4-24 2135232]
          R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2014-1-30 246488]
          R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-4-18 4972864]
          R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
          R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
          R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-7-18 129224]
          R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
          R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
          R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
          S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
          S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 2264280]
          S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-13 111616]
          S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-8 452088]
          S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-1 19456]
          S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
          S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-1 30208]
          S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-1 1255736]
          .
          =============== Created Last 30 ================
          .
          2014-06-20 19:10:13 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
          2014-06-20 19:05:35 -------- d-sh--w- C:\$RECYCLE.BIN
          2014-06-20 18:38:51 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-06-20 18:38:51 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
          2014-06-20 15:43:23 98816 ----a-w- C:\Windows\sed.exe
          2014-06-20 15:43:23 256000 ----a-w- C:\Windows\PEV.exe
          2014-06-20 15:43:23 208896 ----a-w- C:\Windows\MBR.exe
          2014-06-20 07:16:49 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
          2014-06-20 07:15:42 -------- d-----w- C:\AdwCleaner
          2014-06-19 19:12:53 -------- d-----w- C:\OneDriveTemp
          2014-06-19 19:11:09 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Malwarebytes
          2014-06-01 09:01:33 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\DropboxMaster
          2014-05-22 12:33:36 -------- d-----w- C:\Users\Yvonne\AppData\Local\Comodo
          2014-05-22 12:33:34 57096 ----a-w- C:\Windows\System32\certsentry.dll
          2014-05-22 12:33:34 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
          2014-05-22 12:33:29 -------- d-----w- C:\Program Files (x86)\Comodo
          .
          ==================== Find3M ====================
          .
          2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
          2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
          2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
          2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
          2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
          2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
          2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
          2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
          2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
          2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
          2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
          2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
          2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
          2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
          2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
          2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
          2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
          2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
          2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
          2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
          2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
          2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
          2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
          2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
          2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
          2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
          2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
          2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
          2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
          2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
          2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
          2014-04-16 21:12:56 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
          2014-04-16 21:12:55 738472 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
          2014-04-16 21:12:55 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
          2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
          2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
          2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
          2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
          2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
          2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
          2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
          2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
          2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
          2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
          2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
          2014-03-31 12:43:23 40720 ----a-w- C:\Windows\System32\Partizan.exe
          2014-03-31 12:41:33 2 --shatr- C:\Windows\winstart.bat
          2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
          2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
          2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
          2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
          2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
          2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
          2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
          2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
          2014-03-25 19:22:37 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
          2014-03-25 19:22:36 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
          2014-03-25 19:22:35 453680 ----a-w- C:\Windows\System32\guard64.dll
          2014-03-25 19:22:29 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
          2014-03-25 19:22:28 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
          2014-03-25 19:22:25 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
          2014-03-25 19:22:23 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
          .
          ============= FINISH: 21:14:46,95 ===============



          • #6
            Disable your security software.

            Note: This script is written specifically for this PC;
            do not use it on other PCs with a similar problem.


            Open a Notepad file.
            Copy the text below and paste it into the Notepad file.
            Save the Notepad file as CFScript.txt
            Code:
            KillAll::
            ClearJavaCache::
            DDS::
            AtJob::
            Folder::
            c:\program files (x86)\Google\Chrome
            Registry::
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "GoogleChromeAutoLaunch_96F5D6001B278CB9FAF90ECF2CB8F414"=-
            Now drag the file CFScript.txt onto the file ComboFix.exe



            ComboFix will start again.
            If ComboFix asks for an update, allow it.

            When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.

            Create a new DDS log and post it as well.
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * Remove McAfee * Ccleaner * E-Peek



            • #7
              Hi, I made the Notepad copy and ran ComboFix, but it gives no log and my Google Chrome has disappeared completely. Is that what we wanted? So I have no ComboFix log, but I am attaching the DDS log:


              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 11.0.9600.17126
              Run by Yvonne at 21:14:17 on 2014-06-20
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7845.6497 [GMT 2:00]
              .
              AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
              FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k GPSvcGroup
              C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
              C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\taskeng.exe
              C:\Windows\system32\Dwm.exe
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              C:\Windows\Explorer.EXE
              C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
              C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
              C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
              C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
              C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files\COMODO\COMODO Internet Security\cis.exe
              C:\PROGRAM FILES (X86)\INTEL\INTEL(R) USB 3.0 EXTENSIBLE HOST CONTROLLER DRIVER\APPLICATION\IUSB3MON.EXE
              C:\Windows\system32\sppsvc.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://google.com/
              BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
              uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              StartupFolder: C:\Users\Yvonne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe
              uPolicies-Explorer: NoDrives = dword:0
              mPolicies-Explorer: NoDrives = dword:0
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
              TCP: NameServer = 10.221.121.141
              TCP: Interfaces\{4E4E62AB-82B0-4D61-B976-AD2DF59EB9AD} : DHCPNameServer = 10.221.121.141
              Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
              SSODL: WebCheck - <orphaned>
              mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
              x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
              x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
              x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
              x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
              x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
              x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\d985e5yy.default\
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
              R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
              R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 738472]
              R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48360]
              R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-4-24 2135232]
              R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2014-1-30 246488]
              R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-4-18 4972864]
              R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
              R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
              R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-7-18 129224]
              R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
              R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
              R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
              S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
              S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 2264280]
              S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-13 111616]
              S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-8 452088]
              S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-1 19456]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
              S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-1 30208]
              S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-1 1255736]
              .
              =============== Created Last 30 ================
              .
              2014-06-20 19:10:13 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
              2014-06-20 19:05:35 -------- d-sh--w- C:\$RECYCLE.BIN
              2014-06-20 18:38:51 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-06-20 18:38:51 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2014-06-20 15:43:23 98816 ----a-w- C:\Windows\sed.exe
              2014-06-20 15:43:23 256000 ----a-w- C:\Windows\PEV.exe
              2014-06-20 15:43:23 208896 ----a-w- C:\Windows\MBR.exe
              2014-06-20 07:16:49 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
              2014-06-20 07:15:42 -------- d-----w- C:\AdwCleaner
              2014-06-19 19:12:53 -------- d-----w- C:\OneDriveTemp
              2014-06-19 19:11:09 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Malwarebytes
              2014-06-01 09:01:33 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\DropboxMaster
              2014-05-22 12:33:36 -------- d-----w- C:\Users\Yvonne\AppData\Local\Comodo
              2014-05-22 12:33:34 57096 ----a-w- C:\Windows\System32\certsentry.dll
              2014-05-22 12:33:34 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
              2014-05-22 12:33:29 -------- d-----w- C:\Program Files (x86)\Comodo
              .
              ==================== Find3M ====================
              .
              2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
              2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
              2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
              2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
              2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
              2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
              2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
              2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
              2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
              2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
              2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
              2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
              2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
              2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
              2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
              2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
              2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
              2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
              2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
              2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
              2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
              2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
              2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
              2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
              2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
              2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
              2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
              2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
              2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
              2014-04-16 21:12:56 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
              2014-04-16 21:12:55 738472 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
              2014-04-16 21:12:55 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
              2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
              2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
              2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
              2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
              2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
              2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
              2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
              2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
              2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
              2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
              2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
              2014-03-31 12:43:23 40720 ----a-w- C:\Windows\System32\Partizan.exe
              2014-03-31 12:41:33 2 --shatr- C:\Windows\winstart.bat
              2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
              2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
              2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
              2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
              2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
              2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
              2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
              2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
              2014-03-25 19:22:37 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
              2014-03-25 19:22:36 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
              2014-03-25 19:22:35 453680 ----a-w- C:\Windows\System32\guard64.dll
              2014-03-25 19:22:29 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
              2014-03-25 19:22:28 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
              2014-03-25 19:22:25 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
              2014-03-25 19:22:23 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
              .
              ============= FINISH: 21:14:46,95 ===============

              Thxx



              • #8
                That is what you wanted, yes.

                Please post the log. You should have two of them. I need the one with the highest number.

                When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                You can find it at C:\combofix.txt.


                • #9
                  Combofix

                  Hi, it can't find it. Shall I try running ComboFix again?



                  • #10
                    Rebooted, got a ComboFix update, and that went wrong: error writing to file. I can't see how to attach a screenshot.... ComboFix can't update in any case, but Chrome is gone, and that's already quite something, isn't it?



                    • #11
                      So ComboFix runs into an error after the update and won't do anything anymore. Should I download a new ComboFix? Does the old one have to be removed first, or can I overwrite it? Or maybe update and use it in safe mode?
                      Last edited by diamant; 21-06-14, 11:35.



                      • #12
                        Download SystemLook.exe x64 and save the file to the Desktop.
                        Double-click SystemLook.exe to start the program.
                        Copy the code below into the window that opens:

                        Code:
                        :filefind
                        combofix*.*
                        :folderfind
                        combofix*
                        Click the "Look" button to start the scan.

                        When the scan is finished, a text file (SystemLook.txt) opens.
                        Post the contents of this file.


                        • #13
                          SystemLook 30.07.11 by jpshortstuff
                          Log created at 16:28 on 21/06/2014 by Yvonne
                          Administrator - Elevation successful

                          ========== filefind ==========

                          Searching for "combofix*.*"
                          C:\ComboFix\ComboFix-Download.3XE -ra---- 236032 bytes [00:00 31/08/2000] [00:00 31/08/2000] 3DF9E0775A9E3FC113F4D9FD0D4A14C4
                          C:\ComboFix\ComboFix.txt --a---- 574 bytes [08:18 21/06/2014] [08:23 21/06/2014] 51968C6F952900B331C32508DFF4D326
                          C:\Qoobox\ComboFix-quarantined-files.txt --a---- 732 bytes [15:50 20/06/2014] [19:05 20/06/2014] E335526B1A659BE562F18E2808604983
                          C:\Qoobox\ComboFix2.txt --a---- 17002 bytes [15:50 20/06/2014] [19:05 20/06/2014] 406D7B22777047A98FC1E1CECAFE0541
                          C:\Qoobox\ComboFix3.txt --a---- 23254 bytes [15:50 20/06/2014] [15:50 20/06/2014] 6312ABF3A3A206B91B509E3B186D814D
                          C:\Users\Yvonne\AppData\Local\Temp\ComboFix.exe --a---- 5209566 bytes [10:14 21/06/2014] [10:14 21/06/2014] 845474DD8B87656226D7DBBBBB2CA038
                          C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Recent\combofix 21.06.lnk --a---- 735 bytes [19:06 20/06/2014] [19:18 20/06/2014] AABC18D836027993D3EDF914969A3316
                          C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Recent\Combofix fout.lnk --a---- 585 bytes [09:25 21/06/2014] [09:25 21/06/2014] 81CDB41046B727847F5B537C4BECC593
                          C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Recent\combofixfout.lnk --a---- 580 bytes [09:26 21/06/2014] [09:28 21/06/2014] 7072DFECEDFBA2EE7B8A54489B175B9D
                          C:\Users\Yvonne\Desktop\ComboFix - Snelkoppeling.lnk --a---- 13154 bytes [18:54 20/06/2014] [18:54 20/06/2014] EAFE58ACED9C497D79379E0D68C483D3
                          C:\Users\Yvonne\Desktop\combofixfout.JPG --a---- 38413 bytes [09:26 21/06/2014] [09:26 21/06/2014] 647D01B9754D2D786EB92AABEC603B52
                          C:\Users\Yvonne\Desktop\Logs\combofix 21.06.txt --a---- 17002 bytes [19:06 20/06/2014] [19:06 20/06/2014] 406D7B22777047A98FC1E1CECAFE0541
                          C:\Users\Yvonne\Desktop\Nieuwe map\combofix 21.06.txt --a---- 17002 bytes [19:07 20/06/2014] [19:18 20/06/2014] 406D7B22777047A98FC1E1CECAFE0541

                          ========== folderfind ==========

                          Searching for "combofix*"
                          C:\ComboFix d---s-- [08:17 21/06/2014]

                          -= EOF =-

                          Okay, copied with Look



                          • #14
                            May I have this one: C:\Qoobox\ComboFix2.txt

                            This is very unusual:

                            C:\Users\Yvonne\Desktop\Logs\combofix 21.06.txt --a---- 17002 bytes [19:06 20/06/2014] [19:06 20/06/2014] 406D7B22777047A98FC1E1CECAFE0541
                            C:\Users\Yvonne\Desktop\Nieuwe map\combofix 21.06.txt --a---- 17002 bytes [19:07 20/06/2014] [19:18 20/06/2014]

                            Did you put those there yourself (because ComboFix does not do this)?
                            Last edited by Emphyrio; 21-06-14, 15:40.
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * Ccleaner * E-Peek



                            • #15
                              But of course :-))))))

                              ComboFix 14-06-19.01 - Yvonne 20-06-2014 20:59:58.2.4 - x64
                              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7845.6096 [GMT 2:00]
                              Gestart vanuit: d:\downloads\ComboFix.exe
                              AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
                              FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
                              SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
                              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                              .
                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2014-05-20 to 2014-06-20 ))))))))))))))))))))))))))))))
                              .
                              .
                              2014-06-20 19:03 . 2014-06-20 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
                              2014-06-20 18:38 . 2014-06-20 18:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                              2014-06-20 18:38 . 2014-06-20 18:38 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                              2014-06-20 18:38 . 2014-06-20 18:38 -------- d-----w- c:\windows\system32\Macromed
                              2014-06-20 07:16 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
                              2014-06-20 07:15 . 2014-06-20 07:21 -------- d-----w- C:\AdwCleaner
                              2014-06-19 19:12 . 2014-06-19 19:12 -------- d-----w- C:\OneDriveTemp
                              2014-06-19 19:11 . 2014-06-19 19:11 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Malwarebytes
                              2014-06-01 09:01 . 2014-06-20 18:51 -------- d-----w- c:\users\Yvonne\AppData\Roaming\DropboxMaster
                              2014-05-22 12:33 . 2014-05-22 12:33 -------- d-----w- c:\users\Yvonne\AppData\Local\Comodo
                              2014-05-22 12:33 . 2014-05-22 12:33 57096 ----a-w- c:\windows\system32\certsentry.dll
                              2014-05-22 12:33 . 2014-05-22 12:33 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
                              2014-05-22 12:33 . 2014-05-22 12:33 -------- d-----w- c:\program files (x86)\Comodo
                              .
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2014-06-13 14:06 . 2014-02-01 10:17 95414520 ----a-w- c:\windows\system32\MRT.exe
                              2014-04-16 21:12 . 2013-09-24 09:54 105552 ----a-w- c:\windows\system32\drivers\inspect.sys
                              2014-04-16 21:12 . 2013-09-24 09:54 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
                              2014-04-16 21:12 . 2013-11-14 10:38 738472 ----a-w- c:\windows\system32\drivers\cmdguard.sys
                              2014-04-16 21:12 . 2013-09-24 09:54 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
                              2014-04-12 02:22 . 2014-05-15 10:21 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
                              2014-04-12 02:22 . 2014-05-15 10:21 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
                              2014-04-12 02:19 . 2014-05-15 10:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
                              2014-04-12 02:19 . 2014-05-15 10:21 136192 ----a-w- c:\windows\system32\sspicli.dll
                              2014-04-12 02:19 . 2014-05-15 10:21 28160 ----a-w- c:\windows\system32\secur32.dll
                              2014-04-12 02:19 . 2014-05-15 10:21 1460736 ----a-w- c:\windows\system32\lsasrv.dll
                              2014-04-12 02:19 . 2014-05-15 10:21 31232 ----a-w- c:\windows\system32\lsass.exe
                              2014-04-12 02:12 . 2014-05-15 10:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
                              2014-04-12 02:10 . 2014-05-15 10:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
                              2014-03-31 12:43 . 2014-03-31 12:43 40720 ----a-w- c:\windows\system32\Partizan.exe
                              2014-03-31 12:41 . 2014-03-31 12:41 2 --shatr- c:\windows\winstart.bat
                              2014-03-25 19:22 . 2013-11-14 10:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
                              2014-03-25 19:22 . 2013-09-24 09:53 363504 ----a-w- c:\windows\SysWow64\guard32.dll
                              2014-03-25 19:22 . 2013-09-24 09:53 453680 ----a-w- c:\windows\system32\guard64.dll
                              2014-03-25 19:22 . 2013-09-24 09:53 352984 ----a-w- c:\windows\system32\cmdvrt64.dll
                              2014-03-25 19:22 . 2013-09-24 09:53 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
                              2014-03-25 19:22 . 2013-09-24 09:53 284888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
                              2014-03-25 19:22 . 2013-09-24 09:53 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
                              2014-03-25 02:43 . 2014-05-15 10:20 14175744 ----a-w- c:\windows\system32\shell32.dll
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                              REGEDIT4
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
                              2014-04-18 10:20 948392 ----a-w- c:\program files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                              @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                              [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                              2014-06-19 19:04 233160 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\SkyDriveShell.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                              @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                              [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                              2014-06-19 19:04 233160 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\SkyDriveShell.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                              @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                              [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                              2014-06-19 19:04 233160 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\SkyDriveShell.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-05-28 23:44 131248 ----a-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-05-28 23:44 131248 ----a-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                              2014-05-28 23:44 131248 ----a-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                              .
                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2014-03-22 527936]
                              "GoogleChromeAutoLaunch_96F5D6001B278CB9FAF90ECF2CB8F414"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
                              .
                              c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                              Dropbox.lnk - c:\users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-6-1 33322976]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                              "ConsentPromptBehaviorAdmin"= 5 (0x5)
                              "ConsentPromptBehaviorUser"= 3 (0x3)
                              "EnableUIADesktopToggle"= 0 (0x0)
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                              "LoadAppInit_DLLs"=1 (0x1)
                              .
                              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                              R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                              R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
                              R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                              R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                              R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
                              R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                              R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                              R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                              S0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
                              S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
                              S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
                              S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
                              S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
                              S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
                              S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
                              S3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
                              S3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
                              S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
                              S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
                              S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
                              S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
                              .
                              .
                              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                              2014-06-20 18:48 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
                              .
                              Inhoud van de 'Gedeelde Taken' map
                              .
                              2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
                              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20 18:38]
                              .
                              2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31 12:03]
                              .
                              2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31 12:03]
                              .
                              .
                              --------- X64 Entries -----------
                              .
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                              @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                              [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                              2014-06-19 19:04 260808 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\SkyDriveShell64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                              @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                              [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                              2014-06-19 19:04 260808 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\SkyDriveShell64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                              @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                              [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                              2014-06-19 19:04 260808 ----a-w- c:\users\Yvonne\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\SkyDriveShell64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
                              @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
                              [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
                              2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
                              @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                              [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                              2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
                              @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
                              [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
                              2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
                              @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
                              [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
                              2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
                              @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
                              [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
                              2014-06-05 15:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-26 13636824]
                              "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]
                              .
                              ------- Bijkomende Scan -------
                              .
                              uLocal Page = c:\windows\system32\blank.htm
                              uStart Page = hxxp://google.com/
                              mLocal Page = c:\windows\SysWOW64\blank.htm
                              IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - c:\program files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll
                              TCP: DhcpNameServer = 10.221.121.141
                              FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\d985e5yy.default\
                              .
                              .
                              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                              .
                              [HKEY_USERS\S-1-5-21-3513207872-1912893944-3790711704-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
                              @Denied: (2) (LocalSystem)
                              "Progid"="WindowsLiveMail.Email.1"
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
                              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                              00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                              @Denied: (Full) (Everyone)
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]
                              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                              00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]
                              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                              00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]
                              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                              00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
                              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                              00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
                              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                              00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
                              .
                              Voltooingstijd: 2014-06-20 21:05:29
                              ComboFix-quarantined-files.txt 2014-06-20 19:05
                              ComboFix2.txt 2014-06-20 15:50
                              .
                              Pre-Run: 76.940.959.744 bytes beschikbaar
                              Post-Run: 76.508.024.832 bytes beschikbaar
                              .
                              - - End Of File - - 736130A692A12AA7A0114930556B0D89
                              A36C5E4F47E84449FF07ED3517B43A31
