Trojan Injector etc.

  • irmz

    Hi Huib, thanks for your help so far, but I have

    got an enormous headache from this. ComboFix is running now;

    I don't know how long it is going to take, but I would actually like to stop

    and maybe continue tomorrow…

    Can I just close ComboFix?

    Thanks, Huib.

  • fazantje

    Hi Irene,

    Do let the scan finish first.

    Once the computer has restarted and you have seen the log, you can close it.

    Tomorrow the log can be found again in C - Combofix log (text).

    Regards, Huib ;)

  • irmz

    Okay Huib, thank you…

    The scan is still running, at least I think so; it has been showing "voltooid deel1-4" [completed stage 1-4] for a while now…

    The cursor below it is blinking, but anyway, I will leave the PC on in the hope that a

    log shows up, and then just hope that I am fresh enough tomorrow to carry on…

    In any case, thank you very much for your help, and I hope you can help me again tomorrow.

    Kind regards, Irene/Irmz

  • irmz

    Good morning Huib,

    The scan took a terribly long time; here is the ComboFix log.

    I am now going to try to make a hijack log; hijack refused to do this,

    so I will see whether I can manage it now…

    In any case, thanks in advance and have a nice day.

    Regards, irmz irene

    ComboFix 12-10-26.05 - Anca 28-10-2012 22:40:02.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3691.2263

    Gestart vanuit: c:\users\Anca\Downloads\ComboFix.exe

    SP: SPYWAREfighter *Enabled/Updated* {4E92AA92-C88D-5FC6-69DE-FCC188839428}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Anca\AppData\Roaming\1FE0.exe

    c:\users\Anca\AppData\Roaming\5FA2.exe

    c:\users\Anca\AppData\Roaming\9629.exe

    c:\users\Anca\AppData\Roaming\9648.exe

    c:\users\Anca\AppData\Roaming\AA52.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-09-28 to 2012-10-28 ))))))))))))))))))))))))))))))

    .

    .

    2012-10-28 23:04 . 2012-10-28 23:04 -------- d-----w- c:\users\Gast\AppData\Local\temp

    2012-10-28 23:04 . 2012-10-28 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-10-27 14:51 . 2012-10-28 21:20 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware

    2012-10-26 10:57 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F379AEB-4B12-4445-9ADE-C6D3695986D2}\mpengine.dll

    2012-10-10 14:36 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-10-10 14:36 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-10-10 14:36 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

    2012-10-10 14:36 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

    2012-10-10 14:36 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

    2012-10-10 14:36 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-10-10 14:36 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-10-10 14:36 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-10-10 14:36 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-10-10 14:36 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    2012-10-04 15:34 . 2012-10-04 15:35 -------- d-----w- c:\users\Anca\AppData\Local\Facebook

    2012-09-30 21:26 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

    2012-09-29 13:53 . 2012-09-29 13:53 -------- d-----w- c:\program files\CCleaner

    2012-09-29 12:46 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-23 10:17 . 2012-09-27 20:29 285328 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-11 17:31 . 2012-09-27 20:27 65309168 ----a-w- c:\windows\system32\MRT.exe

    2012-09-29 17:54 . 2012-09-27 18:33 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-27 20:27 . 2012-09-27 20:27 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-27 20:26 . 2012-05-21 07:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-09-27 20:26 . 2012-05-21 07:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-09-02 08:46 . 2012-09-02 08:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

    2012-09-02 08:46 . 2012-09-02 08:46 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

    2012-08-24 11:15 . 2012-09-25 14:55 17810944 ----a-w- c:\windows\system32\mshtml.dll

    2012-08-24 10:39 . 2012-09-25 14:55 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-08-24 10:31 . 2012-09-25 14:55 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-08-24 10:22 . 2012-09-25 14:55 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-08-24 10:21 . 2012-09-25 14:55 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-08-24 10:20 . 2012-09-25 14:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-08-24 10:18 . 2012-09-25 14:55 237056 ----a-w- c:\windows\system32\url.dll

    2012-08-24 10:17 . 2012-09-25 14:55 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-08-24 10:14 . 2012-09-25 14:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-08-24 10:14 . 2012-09-25 14:55 816640 ----a-w- c:\windows\system32\jscript.dll

    2012-08-24 10:13 . 2012-09-25 14:55 599040 ----a-w- c:\windows\system32\vbscript.dll

    2012-08-24 10:12 . 2012-09-25 14:55 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-08-24 10:11 . 2012-09-25 14:55 729088 ----a-w- c:\windows\system32\msfeeds.dll

    2012-08-24 10:10 . 2012-09-25 14:56 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-08-24 10:09 . 2012-09-25 14:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-08-24 10:04 . 2012-09-25 14:55 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-08-24 06:59 . 2012-09-25 14:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-08-24 06:51 . 2012-09-25 14:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-08-24 06:51 . 2012-09-25 14:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-08-24 06:47 . 2012-09-25 14:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-08-24 06:47 . 2012-09-25 14:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

    2012-08-24 06:43 . 2012-09-25 14:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2012-08-22 18:12 . 2012-09-12 17:27 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-08-22 18:12 . 2012-09-12 17:28 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-08-22 18:12 . 2012-09-12 17:27 376688 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-08-22 18:12 . 2012-09-12 17:27 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2012-08-21 21:01 . 2012-09-27 16:02 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

    2012-08-20 17:38 . 2012-10-10 14:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-08-02 17:58 . 2012-09-12 17:28 574464 ----a-w- c:\windows\system32\d3d10level9.dll

    2012-08-02 16:57 . 2012-09-12 17:28 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe"

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "Facebook Update"="c:\users\Anca\AppData\Local\Facebook\Update\FacebookUpdate.exe"

    .

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe"

    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    "emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe"

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe

    .

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "HideFastUserSwitching"= 0 (0x0)

    .

    "EnableShellExecuteHooks"= 1 (0x1)

    .

    .

    "LoadAppInit_DLLs"=0 (0x0)

    .

    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe

    R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys

    R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys

    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys

    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys

    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe

    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys

    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys

    S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys

    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys

    .

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-10-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-139012978-1220910512-2524659261-1001Core.job

    - c:\users\Anca\AppData\Local\Facebook\Update\FacebookUpdate.exe

    .

    2012-10-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-139012978-1220910512-2524659261-1001UA.job

    - c:\users\Anca\AppData\Local\Facebook\Update\FacebookUpdate.exe

    .

    2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139012978-1220910512-2524659261-1001Core.job

    - c:\users\Anca\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139012978-1220910512-2524659261-1001UA.job

    - c:\users\Anca\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-10-24 c:\windows\Tasks\HPCeeScheduleForAnca.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    .

    .

    --------- X64 Entries -----------

    .

    .

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe"

    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe"

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.com

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    TCP: DhcpNameServer = 192.168.2.254

    FF - ProfilePath - c:\users\Anca\AppData\Roaming\Mozilla\Firefox\Profiles\v8056ts0.default\

    FF - ExtSQL: 2012-09-27 18:08; crossriderapp5060@crossrider.com; c:\users\Anca\AppData\Roaming\Mozilla\Firefox\Profiles\v8056ts0.default\extensions\crossriderapp5060@crossrider.com

    FF - ExtSQL: 2012-10-28 15:19; {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

    "ThreadingModel"="Apartment"

    .

    @="0"

    .

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="ShockwaveFlash.ShockwaveFlash"

    .

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

    "ThreadingModel"="Apartment"

    .

    @="FlashFactory.FlashFactory.1"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="FlashFactory.FlashFactory"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (Full) (Everyone)

    .

    Voltooingstijd: 2012-10-29 00:08:56

    ComboFix-quarantined-files.txt 2012-10-28 23:08

    .

    Pre-Run: 436.119.924.736 bytes beschikbaar

    Post-Run: 440.522.219.520 bytes beschikbaar

    .

    - - End Of File - - DBD2AC0C0D705DC215A7D2D554AEB9C9

  • irmz

    Hi Huib, I see that I missed quite a few messages from you.

    Strange things are going on with this laptop; I will be glad when the job

    is done :)

    Once the laptop is clean, could you tell me where it went

    so wrong? Which sites she had better not visit?

    She only had a virus scanner; I have installed some programs for her,

    such as CCleaner, SpywareBlaster and MBAM, so hopefully her

    laptop will stay a bit cleaner from now on, and my mood a bit better :)

    Thanks in advance for your help, I am really happy with it.

    Regards, Irene

  • irmz

    Hi Huib, I was now able to make a hijack log without any problems, phew….

    I think I have now done everything that was asked, and I will calmly wait for your advice.

    I think the laptop is a bit faster now; I am going to test it in a moment and put Avast

    back on..

    Regards, Irene

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:38:44, on 29-10-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16450)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Users\Anca\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/7

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: "C:\Users\Anca\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - Global Startup: Bluetooth.lnk = ?

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 11546 bytes

  • Ben

    Hello,

    Now reinstall Avast and have it scan your PC; report the result here.

    Regards, Ben

    Antivirusprikbord.nl

  • irmz

    Hi Ben,

    Avast cannot find any viruses, but there are a lot of files

    that it says could not be scanned; the message is:

    Fout:het archief is beschermd met een wachtwoord [Error: the archive is password-protected]

    It is a whole list that I could not move to the virus chest.

    Here are a few examples of what was listed:

    C.UsersAnca bgbody.png

    bng.OpenX.png

    bgbutton.png

    Is there anything I had forgotten? Thanks in advance.

    Kind regards, Irene

  • irmz

    Hi Huib/Ben,

    Here is a scan from Emsisoft;

    maybe it contributes something…

    The laptop was doing a bit better, but after a few updates

    of Flash and Java, and the optional updates of Windows 7,

    it seems to have gone bad again…. Firefox responds very slowly.

    I will wait for further advice. Thanks in advance, kind regards, Irene.

    Emsisoft Anti-Malware - Versie 7.0

    Laatste Update: 27-10-2012 17:59:57

    Scaninstellingen:

    Scantype: Diepe scan

    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, E:\

    Detecteer riskware: Uit

    Scan archieven: Aan

    ADS Scan: Aan

    Bestandsextensiefilter: Uit

    Geavanceerde cache: Aan

    Directe schijftoegang: Uit

    Scan gestart: 27-10-2012 18:00:13

    Key: HKEY_CLASSES_ROOT\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Ontdekt: Trace.Registry.FunWebProducts (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{120927BF-1700-43BC-810F-FAB92549B390} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{1F52A5FA-A705-4415-B975-88503B291728} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{3E720453-B472-4954-B7AA-33069EB53906} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{90449521-D834-4703-BB4E-D3AA44042FF8} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{991AAC62-B100-47CE-8B75-253965244F69} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    Key: hkey_users\s-1-5-21-139012978-1220910512-2524659261-501\software\mywebsearch Ontdekt: Trace.Registry.MyWebSearchToobar (A)

    C:\Users\Anca\AppData\Roaming\309C.exe Ontdekt: Trojan.Generic.KDV.771531 (B)

    C:\Users\Anca\AppData\Roaming\32BE.exe Ontdekt: Trojan.Generic.KDV.771531 (B)

    C:\Users\Anca\AppData\Roaming\9CD.exe Ontdekt: Trojan.Generic.KDV.771289 (B)

    C:\Users\Anca\AppData\Roaming\BCC3.exe Ontdekt: Trojan.Generic.KDV.771531 (B)

    C:\Users\Anca\AppData\Roaming\Biqwqx.exe Ontdekt: Trojan.Win32.Bublik.AMN (A)

    C:\Users\Anca\AppData\Roaming\CBEF.exe Ontdekt: Trojan.Generic.KDV.771531 (B)

    Gescand 426894

    Gevonden 22

    Scan geëindigd: 27-10-2012 18:56:22

    Scantijd: 0:56:09

    C:\Users\Anca\AppData\Roaming\Biqwqx.exe In quarantaine Trojan.Win32.Bublik.AMN (A)

    C:\Users\Anca\AppData\Roaming\9CD.exe In quarantaine Trojan.Generic.KDV.771289 (B)

    C:\Users\Anca\AppData\Roaming\309C.exe In quarantaine Trojan.Generic.KDV.771531 (B)

    C:\Users\Anca\AppData\Roaming\32BE.exe In quarantaine Trojan.Generic.KDV.771531 (B)

    C:\Users\Anca\AppData\Roaming\BCC3.exe In quarantaine Trojan.Generic.KDV.771531 (B)

    C:\Users\Anca\AppData\Roaming\CBEF.exe In quarantaine Trojan.Generic.KDV.771531 (B)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{07B18EAC-A523-4961-B6BB-170DE4475CCA} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{120927BF-1700-43BC-810F-FAB92549B390} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{1F52A5FA-A705-4415-B975-88503B291728} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{3E720453-B472-4954-B7AA-33069EB53906} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{90449521-D834-4703-BB4E-D3AA44042FF8} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{991AAC62-B100-47CE-8B75-253965244F69} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{BBABDC90-F3D5-4801-863A-EE6AE529862D} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: hkey_users\s-1-5-21-139012978-1220910512-2524659261-501\software\mywebsearch In quarantaine Trace.Registry.MyWebSearchToobar (A)

    Key: HKEY_CLASSES_ROOT\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} In quarantaine Trace.Registry.FunWebProducts (A)

    In quarantaine 22

  • fazantje

    Hi Irene,

    I'm in the middle of a major renovation and was just looking at your logs again, and Ben also had private matters to attend to.

    With all good intentions, but would you please not run other scans in between ;)

    That Crossrider is indeed the culprit.

    Do the following:

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    • FireFox::

      FF - ProfilePath - c:\users\Anca\AppData\Roaming\Mozilla\Firefox\Profiles\v8056ts0.default\

      FF - ExtSQL: 2012-09-27 18:08; crossriderapp5060@crossrider.com; c:\users\Anca\AppData\Roaming\Mozilla\Firefox\Profiles\v8056ts0.default\extensions\crossriderapp5060@crossrider.com

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will cause ComboFix to restart.

    Reboot if asked to,

    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck,

    Huib;)

This topic is closed; no more replies can be posted.