HPc
-
Items
142 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door HPc
-
-
Ik heb de addons van Babylon Toolbar verwijderd in Firefox. Maar ik heb nog steeds een werkbalk in de navigatiewerkbalk. Hoe kan ik deze verwijderen?
---------- Post toegevoegd om 16:37 ---------- Vorige post was om 16:30 ----------
Ik heb TDSSKiller.exe wel gedownload en op mijn bureaublad geplaatst, maar de scan is niet gelukt.
-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by Pela at 13:25:29 on 2012-03-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.976 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
TB: {87775FDB-6972-41F9-AE51-8326E38CB206} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe
mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\pela\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\pela\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1
TCP: Interfaces\{8CDE464C-1B4B-45A8-8B6D-CC932ED71A72} : DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1
TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C} : DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1
TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C}\2626F68723D293163613 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C}\75966496F53353 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pela\appdata\roaming\mozilla\firefox\profiles\9ndw5now.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://google.be
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - d02d2a220000000000001c659d2da719
FF - user.js: extensions.BabylonToolbar_i.hardId - d02d2a220000000000001c659d2da719
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:09:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109985
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-9-5 16176]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-8-1 81920]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-9-5 60928]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-9-5 2320920]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-8-1 41648]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-5 29472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-5 143968]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-1 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-1 232960]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-8-1 277536]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-29 652360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-9-5 134144]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-15 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-1 171520]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-11 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-04 10:01:31 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f846235-1e18-4ad9-9606-27428de2e78f}\offreg.dll
2012-03-03 22:36:34 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-03 20:25:36 -------- d-s---w- C:\ComboFix
2012-03-02 15:49:59 -------- d-----w- c:\windows\system32\EventProviders
2012-03-02 09:34:24 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f846235-1e18-4ad9-9606-27428de2e78f}\mpengine.dll
2012-03-01 16:24:53 388096 ----a-r- c:\users\pela\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-29 16:42:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-23 18:48:12 -------- d-----w- C:\temp
2012-02-23 18:37:02 -------- d-----w- c:\users\pela\appdata\local\Trend Micro
2012-02-23 18:26:56 -------- d-----w- c:\program files\Trend Micro
2012-02-21 16:24:29 -------- d-----w- c:\users\pela\appdata\roaming\ACD Systems
2012-02-21 16:24:29 -------- d-----w- c:\users\pela\appdata\local\ACD Systems
2012-02-21 16:22:32 -------- d-----w- c:\program files\common files\ACD Systems
2012-02-21 16:21:27 -------- d-----w- c:\users\pela\appdata\local\Downloaded Installations
2012-02-21 16:10:34 -------- d-----w- c:\users\pela\appdata\roaming\TuneUp Software
2012-02-21 16:09:53 -------- d-----w- c:\programdata\TuneUp Software
2012-02-21 16:09:41 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-21 16:07:35 -------- d-----w- c:\users\pela\appdata\roaming\uTorrent
2012-02-14 22:56:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 22:56:01 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-14 22:56:01 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-02-14 22:56:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-02-14 22:56:00 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-14 22:55:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-02-14 22:55:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-14 21:29:53 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 21:29:45 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:29:42 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 21:29:39 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-11 21:56:17 -------- d-----w- c:\users\pela\appdata\local\Apps
2012-02-10 20:03:52 -------- d-----w- c:\users\pela\appdata\roaming\Systweak
2012-02-10 20:03:50 17280 ----a-w- c:\windows\system32\roboot.exe
2012-02-07 15:46:06 -------- d-----w- c:\users\pela\appdata\local\CrashDumps
2012-02-07 00:13:26 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2012-02-05 20:17:05 -------- d-----w- C:\Recovery - 20110919150711
.
==================== Find3M ====================
.
2012-03-03 22:36:15 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-03 19:58:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87A44FA9]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; XOR EDX, EDX; CMP [0x87a4cd34], EDX; PUSH EDI; MOV EDI, [EBX+0x60]; JZ 0x187; MOV EAX, [EBP+0x8]; }
1 ntkrnlpa!IofCallDriver[0x82C48458] -> \Device\Harddisk0\DR0[0x87A297F0]
3 CLASSPNP[0x88BAA59E] -> ntkrnlpa!IofCallDriver[0x82C48458] -> [0x87A29020]
\Driver\stdflt[0x879E93D0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x87A44FA9
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
user != kernel MBR !!!
error: Read Kan de opdracht niet uitvoeren door een fout in een I/O-apparaat.
sectors 488397151 (+0): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 13:32:04,15 ===============
-
log van checkup.txt
Results of screen317's Security Check version 0.99.31
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java 7 Update 3
Adobe Reader X (10.1.2)
Mozilla Firefox (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
-
- Bedoelt u met "Alle mappen van dit type" alle mappen met accolades met cijfers in of enkel de specifieke cijfers.
- Na het installeren van java kreeg ik volgende foutmelding: Error melding Wrapper. CreateFile failed with errors: Toegang geweigerd. Is Java nu OK, of dient dit nogmaals geïnstalleerd te worden?
-
Ik heb per ongeluk de logfile van Attach.txt ook gepost , kan die verwijderd worden uit het forum
-
logfile van DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Pela at 21:41:15 on 2012-03-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.1084 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre1.6.0_22\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
TB: {87775FDB-6972-41F9-AE51-8326E38CB206} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe
mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\pela\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\pela\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1
TCP: Interfaces\{8CDE464C-1B4B-45A8-8B6D-CC932ED71A72} : DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1
TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C} : DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1
TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C}\2626F68723D293163613 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C}\75966496F53353 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pela\appdata\roaming\mozilla\firefox\profiles\9ndw5now.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109985&babsrc=HP_ss&mntrId=d02d2a220000000000001c659d2da719
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - d02d2a220000000000001c659d2da719
FF - user.js: extensions.BabylonToolbar_i.hardId - d02d2a220000000000001c659d2da719
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:09:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109985
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-9-5 16176]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-8-1 81920]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-9-5 60928]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-9-5 2320920]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-8-1 41648]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-5 29472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-5 143968]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-1 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-1 232960]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-8-1 277536]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-29 652360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-9-5 134144]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-15 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-1 171520]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-11 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-03 20:25:36 -------- d-s---w- C:\ComboFix
2012-03-03 09:28:42 -------- d-----w- c:\users\pela\appdata\local\{369F9106-3F17-4BD2-A021-B959D40E108B}
2012-03-03 09:28:31 -------- d-----w- c:\users\pela\appdata\local\{A82FA601-16C7-46AC-988A-D6B84BC5E7AA}
2012-03-02 15:49:59 -------- d-----w- c:\windows\system32\EventProviders
2012-03-02 09:34:24 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f846235-1e18-4ad9-9606-27428de2e78f}\mpengine.dll
2012-03-02 09:03:38 -------- d-----w- c:\users\pela\appdata\local\{27A2DED4-CDE9-4129-8993-18A1DBABC47C}
2012-03-02 09:03:26 -------- d-----w- c:\users\pela\appdata\local\{4C11D2EB-E91F-4B40-B376-178ECB697649}
2012-03-01 20:50:51 -------- d-----w- c:\users\pela\appdata\local\{2DF90DAE-9CEC-4286-AF54-D5F311B261A4}
2012-03-01 20:50:39 -------- d-----w- c:\users\pela\appdata\local\{63CCFC06-6D62-43F3-BDA0-863967525DD0}
2012-03-01 16:24:53 388096 ----a-r- c:\users\pela\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-29 16:42:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-25 14:00:14 -------- d-----w- c:\users\pela\appdata\local\{A92B3814-6E78-41F6-B8CA-04F61BCCDFF7}
2012-02-25 13:59:48 -------- d-----w- c:\users\pela\appdata\local\{FA24F8D0-1B47-4FDA-98DF-B5A6340CF410}
2012-02-25 13:25:01 -------- d-----w- c:\users\pela\appdata\local\{559A603A-3BCF-4D1D-AAAB-16B276863741}
2012-02-24 10:21:10 -------- d-----w- c:\users\pela\appdata\local\{6BADB7A2-7FCD-4691-91FC-F36ADFD9BA99}
2012-02-24 10:20:58 -------- d-----w- c:\users\pela\appdata\local\{8B42896C-78A4-4CE6-9D91-11A31B694307}
2012-02-23 18:50:53 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-23 18:48:12 -------- d-----w- C:\temp
2012-02-23 18:37:02 -------- d-----w- c:\users\pela\appdata\local\Trend Micro
2012-02-23 18:26:56 -------- d-----w- c:\program files\Trend Micro
2012-02-23 16:39:46 -------- d-----w- c:\users\pela\appdata\local\{EC5D121C-268C-41B2-950D-3BEAF0B41C49}
2012-02-23 16:39:32 -------- d-----w- c:\users\pela\appdata\local\{F41ABD6C-E13E-4AF5-9B79-EC864CFCBDF9}
2012-02-22 10:16:51 -------- d-----w- c:\users\pela\appdata\local\{6B129761-0611-47FE-9BF0-D253CDE61CA0}
2012-02-22 10:16:39 -------- d-----w- c:\users\pela\appdata\local\{B0CB2EE7-00BD-4418-B7A6-523B71BF5082}
2012-02-21 16:24:29 -------- d-----w- c:\users\pela\appdata\roaming\ACD Systems
2012-02-21 16:24:29 -------- d-----w- c:\users\pela\appdata\local\ACD Systems
2012-02-21 16:22:32 -------- d-----w- c:\program files\common files\ACD Systems
2012-02-21 16:21:27 -------- d-----w- c:\users\pela\appdata\local\Downloaded Installations
2012-02-21 16:10:34 -------- d-----w- c:\users\pela\appdata\roaming\TuneUp Software
2012-02-21 16:09:53 -------- d-----w- c:\programdata\TuneUp Software
2012-02-21 16:09:41 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-21 16:07:35 -------- d-----w- c:\users\pela\appdata\roaming\uTorrent
2012-02-21 15:37:30 -------- d-----w- c:\users\pela\appdata\local\{1A801A0E-9CF1-48DD-A8C5-B38780EF0256}
2012-02-20 11:47:05 -------- d-----w- c:\users\pela\appdata\local\{B9BF410A-9BA7-4989-B049-726821C3FEAC}
2012-02-20 11:46:49 -------- d-----w- c:\users\pela\appdata\local\{30D83EF7-E5A7-4E47-9BB7-E2CD8E167426}
2012-02-20 10:34:54 -------- d-----w- c:\users\pela\appdata\local\{63828642-BB5D-48D1-AB0D-D44BDCE7BE50}
2012-02-20 09:04:18 -------- d-----w- c:\users\pela\appdata\local\{25A10A09-DC63-40E5-9D7A-67C4BCB39BDE}
2012-02-20 06:41:55 -------- d-----w- c:\users\pela\appdata\local\{5934AFC9-383B-47C4-B610-7DDF1895BEC4}
2012-02-19 14:13:47 -------- d-----w- c:\users\pela\appdata\local\{F40F2FB2-5DCA-4805-9879-E708F2D1A3B7}
2012-02-18 18:08:32 -------- d-----w- c:\users\pela\appdata\local\{FFADBA2C-03D4-4449-BDB3-5690865E5BEE}
2012-02-17 21:01:46 0 ----a-w- c:\windows\system32\sho8778.tmp
2012-02-17 19:43:01 -------- d-----w- c:\users\pela\appdata\local\{9816B7CF-23F5-4769-975C-D0B77FC74ACC}
2012-02-17 17:32:37 -------- d-----w- c:\users\pela\appdata\local\{B29A78DF-8B4D-4807-BBB9-23215CD33202}
2012-02-17 12:12:46 -------- d-----w- c:\users\pela\appdata\local\{C4AF6A20-1ABD-447F-A6DA-77232208D185}
2012-02-16 23:43:00 -------- d-----w- c:\users\pela\appdata\local\{5D5B1915-F0C8-4B8A-BA47-F559AD6CB533}
2012-02-16 08:13:38 -------- d-----w- c:\users\pela\appdata\local\{01247F45-4D08-4F26-81FD-F735A16B4AD5}
2012-02-16 08:11:50 -------- d-----w- c:\users\pela\appdata\local\{EB7FE929-BCA5-4F35-98FE-DB2626C57E8E}
2012-02-15 23:42:47 -------- d-----w- c:\users\pela\appdata\local\{3DCD22EB-F99C-428D-8F31-8B1013BF02AA}
2012-02-15 09:25:23 -------- d-----w- c:\users\pela\appdata\local\{FE8164A0-2267-4CDC-B55F-A8C946253D21}
2012-02-15 09:23:08 -------- d-----w- c:\users\pela\appdata\local\{E075FC58-C059-4D81-87BA-888FEC527840}
2012-02-14 22:56:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 22:56:01 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-14 22:56:01 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-02-14 22:56:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-02-14 22:56:00 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-14 22:55:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-02-14 22:55:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-14 21:29:53 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 21:29:45 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:29:42 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 21:29:39 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:22:38 -------- d-----w- c:\users\pela\appdata\local\{72697C93-B8F9-4935-BE70-E19CAC06E5B0}
2012-02-14 21:21:49 -------- d-----w- c:\users\pela\appdata\local\{924232E5-065E-47FA-8884-22E9053698EE}
2012-02-13 21:41:52 -------- d-----w- c:\users\pela\appdata\local\{DE45E181-96FC-460C-986D-0313B748299C}
2012-02-13 19:59:35 0 ----a-w- c:\windows\system32\shoDEDA.tmp
2012-02-13 01:14:23 0 ----a-w- c:\windows\system32\shoAAC0.tmp
2012-02-13 00:21:40 -------- d-----w- c:\users\pela\appdata\local\{F3F15DCA-E645-45C7-9F6D-F06CCE3965A6}
2012-02-13 00:21:18 -------- d-----w- c:\users\pela\appdata\local\{DF504631-0E7A-45AD-928B-341995AACF9E}
2012-02-12 22:13:11 -------- d-----w- c:\users\pela\appdata\local\{60024CBB-7790-43B6-BC25-8B942547E862}
2012-02-12 00:24:57 0 ----a-w- c:\windows\system32\shoAA27.tmp
2012-02-11 21:56:17 -------- d-----w- c:\users\pela\appdata\local\Apps
2012-02-11 21:02:17 -------- d-----w- c:\users\pela\appdata\local\{74CDC542-2DE6-406C-A06F-1CBD2991BAA6}
2012-02-11 12:41:03 -------- d-----w- c:\users\pela\appdata\local\{07DDF2FF-F13B-45F9-8DB3-1A28F51C6913}
2012-02-10 20:47:18 0 ----a-w- c:\windows\system32\sho60F3.tmp
2012-02-10 20:35:00 -------- d-----w- c:\users\pela\appdata\local\{B7606FE2-D93C-4F1C-B781-D210E75BF15F}
2012-02-10 20:09:00 -------- d-----w- c:\users\pela\appdata\local\Babylon
2012-02-10 20:08:58 -------- d-----w- c:\users\pela\appdata\roaming\Babylon
2012-02-10 20:08:58 -------- d-----w- c:\programdata\Babylon
2012-02-10 20:03:52 -------- d-----w- c:\users\pela\appdata\roaming\Systweak
2012-02-10 20:03:50 17280 ----a-w- c:\windows\system32\roboot.exe
2012-02-10 19:45:51 -------- d-----w- c:\users\pela\appdata\local\{A664D344-1D55-4E8B-84FB-1C42D98FF2A5}
2012-02-09 20:56:20 -------- d-----w- c:\users\pela\appdata\local\{44B8F20C-74AD-4BAE-BADE-8F69892A3DC9}
2012-02-09 18:32:37 -------- d-----w- c:\users\pela\appdata\local\{7E6E93F9-1B24-4671-81EB-5116CF8B44F7}
2012-02-09 16:57:36 -------- d-----w- c:\users\pela\appdata\local\{78E8D0BB-3224-443B-9AD4-6757C1C9AD50}
2012-02-07 15:46:06 -------- d-----w- c:\users\pela\appdata\local\CrashDumps
2012-02-07 15:23:42 -------- d-----w- c:\users\pela\appdata\local\{10970020-C67C-4072-A376-302DFE1ABE53}
2012-02-07 15:23:31 -------- d-----w- c:\users\pela\appdata\local\{DF72EFCE-220E-4F1A-896D-07ED756B0FEE}
2012-02-07 15:22:16 -------- d-----w- c:\users\pela\appdata\local\{E9030A75-0292-48E2-8F36-48D847971E08}
2012-02-07 00:13:26 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2012-02-06 19:38:20 -------- d-----w- c:\users\pela\appdata\local\{D6CCFE55-E753-4BB5-A4FD-015FCBB51C87}
2012-02-06 19:38:09 -------- d-----w- c:\users\pela\appdata\local\{449C9149-D600-456F-B718-F0BAF9572D47}
2012-02-06 10:04:10 -------- d-----w- c:\users\pela\appdata\local\{3D9E2B14-4E8A-4EF6-ACCD-70E15F9ECE50}
2012-02-05 20:38:30 -------- d-----w- c:\users\pela\appdata\local\{422CB62B-4C61-4B2A-8823-A308BDE8E042}
2012-02-05 20:17:05 -------- d-----w- C:\Recovery - 20110919150711
2012-02-05 20:07:13 -------- d-----w- c:\users\pela\appdata\local\{CE17D68C-B780-4D5F-A423-CD2C257FD210}
2012-02-04 13:13:43 -------- d-----w- c:\users\pela\appdata\local\{B4EF8D2C-31CC-48F3-B429-9E02E0B5499C}
2012-02-04 13:13:32 -------- d-----w- c:\users\pela\appdata\local\{0E1B5114-469E-4C47-B797-FBCE11F0AB7C}
2012-02-04 08:47:22 -------- d-----w- c:\users\pela\appdata\local\{76A207D0-B59C-4A5C-82C4-AA6AF8BC5CA7}
2012-02-03 19:06:42 -------- d-----w- c:\users\pela\appdata\local\{1995B91C-FF30-4953-B690-7C7E834B6DD1}
2012-02-03 19:06:24 -------- d-----w- c:\users\pela\appdata\local\{62F78D6A-A0AE-4851-9749-B3BDB23C4475}
.
==================== Find3M ====================
.
2012-03-03 19:58:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87A44FA9]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; XOR EDX, EDX; CMP [0x87a4cd34], EDX; PUSH EDI; MOV EDI, [EBX+0x60]; JZ 0x187; MOV EAX, [EBP+0x8]; }
1 ntkrnlpa!IofCallDriver[0x82C42458] -> \Device\Harddisk0\DR0[0x87A2DAC8]
3 CLASSPNP[0x88DA859E] -> ntkrnlpa!IofCallDriver[0x82C42458] -> [0x87A2C350]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
user != kernel MBR !!!
error: Read Kan de opdracht niet uitvoeren door een fout in een I/O-apparaat.
sectors 488397151 (+0): user != kernel
.
============= FINISH: 21:47:19,91 ===============
logfile van Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 30/09/2010 12:26:37
System Uptime: 3/03/2012 21:20:25 (0 hours ago)
.
Motherboard: Dell Inc. | | 0G2R51
Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU 1 | 2261/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 164,512 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP192: 21/02/2012 16:42:14 - Windows Update
RP193: 21/02/2012 17:09:59 - TuneUp Utilities 2012 is geïnstalleerd
RP194: 21/02/2012 17:22:13 - Installed ACDSee Pro 3.
RP195: 22/02/2012 11:20:13 - Windows Update
RP196: 23/02/2012 19:56:06 - Removed Java 6 Update 29
RP197: 23/02/2012 21:01:25 - TuneUp Utilities 2012 is verwijderd
RP198: 23/02/2012 21:02:24 - TuneUp Utilities Language Pack (nl-NL) is verwijderd
RP199: 23/02/2012 21:03:45 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
RP200: 23/02/2012 21:04:26 - Microsoft Visual C++ 2005 Redistributable is verwijderd
RP201: 23/02/2012 21:04:58 - Removed Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
RP202: 23/02/2012 21:05:24 - Removed Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
RP203: 23/02/2012 21:05:53 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP204: 23/02/2012 22:59:36 - Removed ACDSee Pro 3.
RP205: 24/02/2012 0:39:17 - Windows Update
RP206: 24/02/2012 14:52:18 - Windows Update
RP207: 24/02/2012 18:58:04 - Removed Adobe Reader 9.5.0 - Nederlands.
RP208: 27/02/2012 18:27:44 - Installed Adobe Reader X (10.1.0) - Nederlands.
RP209: 28/02/2012 10:18:48 - Windows Update
RP210: 1/03/2012 17:24:25 - Installed HiJackThis
RP211: 2/03/2012 10:33:57 - Windows Update
RP212: 2/03/2012 23:40:12 - Removed Adobe Reader X (10.1.2) - Nederlands.
.
==== Installed Programs ======================
.
Accelerometer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2) - Nederlands
Advanced Audio FX Engine
Canon MP Navigator EX 3.0
Canon MP550 series MP Drivers
Cisco LEAP Module
Cisco PEAP Module
CyberLink PowerDVD 9.5
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Central
Download Updater (AOL LLC)
DW WLAN Card Utility
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Java Auto Updater
Java 6 Update 22
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware versie 1.60.1.1000
Martindale (Single-user Version)
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 nl)
MSVCRT
OpenOffice.org 3.3
QuickSet32
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
-
Ook in de veilige modus wordt er weer gescand maar ik krijg geen logje (gezocht naar combofix.txt)
(Toch bedankt voor alle moeite tot nu toe:-))
-
Ik heb Combofix verwijderd
Daarna terug gedownload via link 1, wat niet lukte --> melding: Combofix wordt niet veel gedownload en is mogelijk schadelijk voor uw computer (Nochtans heb ik mijn antivirusprogramma verwijderd)
Daarna via link 2 gedownload, maar ik krijg weer geen logje
-
Ik heb TrenMicro uitgeschakeld voor Combofix en het logje lukte niet. Daarna heb ik TrenMicro verwijderd --> nog steeds geen logje. Pc gaat nu wel veel sneller.
Maar ik kreeg Combofix niet geïnstalleerd via link 1. Via link 2 is dit wel gelukt. Moet ik Combofix misschien verwijderen en terug installeren?
-
nee, niet te vinden, ik heb "combofix.txt" ingetikt bij "programma's en bestanden zoeken" en er werd niets gevonden
-
Ook als ik in de veilige modus start voert Combofix wel een scan uit, maar er wordt geen logje gemaakt achteraf.
-
- Ik heb de opdracht met combofix uitgevoerd maar er komt helemaal geen logje; combofix wordt meteen afgesloten.
- Ook is het niet gelukt om het service pack 1 voor windows 7 te installeren. Na installatie krijg ik volgende foutmelding:
Fout 0x800f0a12
Ik heb dan de suggesties opgevolgd van volgende website Fout bij de installatie van Windows 7 en Windows Server 2008 R2 Service Pack 1 (SP1): 0x800F0A12
Maar dan lukt het nog steeds niet.
Er is geen speciale reden waarom ik het service pack 1 voor windows 7 nog niet geinstalleerd heb.
Wel had ik een virus op mijn laptop (+/- 2 maanden geleden) na het openen van een e-mail. Daarna heb ik een antivirus programma gedownload, het virus werd verwijderd maar ook al mijn programma's en documenten. Daarna heb ik systeemherstel uitgevoerd. Waarna mijn programma's terug werkten maar mijn documenten zijn verdwenen.
Het probleem met secure.bidvertiser.com is er eigenlijk sindsdien. Ook kan ik mijn laptop niet normaal afsluiten --> altijd via "Afsluiten forceren" omdat er nog een programma open zou zijn, wat volgens mij niet zo is.
-
De Fix met HijackThis lukt niet
De 2 regels blijven erin staan.
Als ik Hijack This opstart krijg ik ook steeds het volgende:
"For some reason your system denied write access tot the Host file. If any hijacked domains are in the file Hijack This may Not be able to fix this. If that happens you need to edit the file yourself. To do this click
Start
Run and type notepad C:\Windows\System 32\drivers\etc\hosts
and press Enter Find the lines Hijack This reports and delet them
Save the file as "hosts" (with quotes) and reboot
Zie hieronder terug het logje van Hijack This
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:45, on 2/03/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [RemoteControl9] "c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
--
End of file - 9677 bytes
-
MBAM logje
Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000
Databaseversie: v2012.03.01.07
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Pela :: PELA-PC [administrator]
Realtime bescherming: Uitgeschakeld
1/03/2012 22:40:04
mbam-log-2012-03-01 (22-40-04).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 174731
Verstreken tijd: 8 minuut/minuten, 46 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Hijack This logje
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:53:33, on 1/03/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [RemoteControl9] "c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
--
End of file - 9953 bytes
---------- Post toegevoegd om 23:03 ---------- Vorige post was om 22:54 ----------
Malwarebytes Anti-Malware heeft niets gedetecteerd maar secure.bidvertiser verschijnt nog steeds
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:20, on 1/03/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\taskeng.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [RemoteControl9] "c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
--
End of file - 10190 bytes
-
Hallo,
Ik heb hetzelfde probleem als in het forum op
http://www.pc-helpforum.be/f201/virus-spyware-google-34188/
Als ik iets zoek in google en dan op de link klik word ik doorgelinkt naar een datingsite of een spelletjessite, of een site waar ze internet tv aanbieden
In de adresbalk komt dan ook
http://secure.bidvertiser.com/...
Hoe geraak ik hier vanaf?
hoe secure.bidvertiser.com verwijderen
in Archief Bestrijding malware & virussen
Geplaatst:
Het verwijderen van de babylon toolbar is inmiddels gelukt