Can you post the log? You may not have done the script right.
I did exactly as you told. Make the script with those lines. Then, drag it onto ComboFix.exe
ComboFix 13-08-15.03 - Michael 16-08-2013 14:16:46.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1975.958 [GMT 2:00]
Gestart vanuit: c:\users\Michael\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Michael\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-07-16 to 2013-08-16 ))))))))))))))))))))))))))))))
.
.
2013-08-16 12:27 . 2013-08-16 12:27 -------- d-----w- c:\users\Michael\AppData\Local\temp
2013-08-16 12:27 . 2013-08-16 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-14 10:13 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 10:13 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 10:13 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 10:13 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 10:13 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 10:13 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 10:13 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 10:13 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 10:13 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 10:13 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 10:13 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 10:13 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-12 14:14 . 2013-08-12 14:14 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
2013-08-12 13:23 . 2013-08-12 13:28 -------- d-----w- c:\users\Michael\AppData\Local\SoftThinks
2013-08-12 13:21 . 2013-08-12 13:21 -------- d-----w- c:\users\Michael\AppData\Roaming\SampleView
2013-08-12 13:17 . 2007-03-19 13:03 241664 ----a-w- c:\windows\system32\HPEvents.dll
2013-08-12 13:17 . 2005-10-10 09:03 266240 ----a-w- c:\windows\system32\ShellvRTF64.dll
2013-08-12 13:17 . 2003-03-19 02:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2013-08-12 13:17 . 2002-09-20 18:42 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
2013-08-12 12:43 . 2013-08-12 12:53 -------- d-----w- c:\program files\Belarc
2013-08-12 12:38 . 2013-08-12 12:54 -------- d-----w- c:\program files\VirtualCloneDrive
2013-08-12 12:35 . 2013-08-12 12:54 -------- d-----w- c:\program files\MagicISO
2013-08-12 10:18 . 2013-08-12 14:51 -------- d-----w- c:\program files\Google
2013-08-08 17:59 . 2013-08-14 10:29 -------- d-----w- c:\windows\system32\MRT
2013-08-08 14:05 . 2013-08-08 14:06 -------- d-----w- c:\program files\Core Temp
2013-08-08 14:02 . 2013-08-08 14:02 -------- d-----w- c:\programdata\APN
2013-08-05 17:56 . 2013-04-17 10:10 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-05 17:56 . 2013-04-17 10:10 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-08-05 17:56 . 2013-04-17 11:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-05 17:56 . 2013-04-17 11:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-05 17:56 . 2013-04-17 10:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-05 17:56 . 2013-04-17 11:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-05 17:56 . 2013-04-17 11:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-05 17:56 . 2013-04-17 10:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-05 17:56 . 2013-04-17 10:14 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-05 17:56 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-05 17:56 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-08-05 17:55 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-08-05 17:55 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-08-05 17:55 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-08-05 17:55 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-08-05 17:55 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-08-05 17:51 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-08-05 17:51 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 12:06 . 2008-04-17 16:25 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-08-16 12:06 . 2011-01-02 15:56 58288 ----a-w- c:\windows\system32\rpcnet.dll
2013-08-15 08:31 . 2008-04-17 16:29 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2013-06-22 10:10 . 2012-04-11 10:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-22 10:10 . 2011-05-16 08:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 08:28 . 2012-07-12 08:28 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-24 175128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-24 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-24 153624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-12-27 2054360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 20:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-15 20:02 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 16:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-18 13:53 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-12 14:51 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-12 14:50]
.
2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-12 14:50]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyServer = 10.10.10.50:8080
IE: Append Link Target to Existing PDF
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-08-16 14:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3535993027-2643320515-1217649130-1004\Software\SecuROM\License information*]
"datasecu"=hex:0d,2a,1b,32,14,9d,a6,69,e8,67,98,81,86,32,a6,c3,0a,c1,40,64,e5,
86,91,de,a0,00,f4,16,27,39,b0,8a,dd,dc,92,d4,3d,03,14,af,22,03,49,94,81,4d,\
"rkeysecu"=hex:c4,75,a9,69,82,d8,e7,b3,d4,93,e0,8a,47,90,24,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000000
"ProductCode"="{85C70286-A56F-4834-BD24-B34EB76A93A2}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.0"
"UniqueId"="0004C8AB4EF9D729"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000015fe
"ScannerVersion"="ready"
"FixId"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2013-08-16 14:32:07
ComboFix-quarantined-files.txt 2013-08-16 12:32
.
Pre-Run: 54.668.910.592 bytes beschikbaar
Post-Run: 54.589.497.344 bytes beschikbaar
.
- - End Of File - - 360D36AD900A0553B8010029183858D7
82967FD6D91A60516A81EEE17D859620