Ga naar inhoud

letcousine

Lid
  • Items

    23
  • Registratiedatum

  • Laatst bezocht

Alles dat geplaatst werd door letcousine

  1. na opstarten firefox en explorer is alles terug normaal groetjes en dank u wel
  2. zie hier het logje van zoek.exe Zoek.exe Version 4.0.0.2 Updated 17-April-2013 Tool run by winston on zo 21/04/2013 at 11:11:00,96. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-225639665-913216918-3013696451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Arlette\AppData\Roaming\Mozilla\Firefox\Profiles\j2oa866v.default\prefs.js: Added to C:\Users\Arlette\AppData\Roaming\Mozilla\Firefox\Profiles\j2oa866v.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\55r9t9w8.default-1366478536608\prefs.js: user_pref("browser.startup.homepage", "http://www.google.be/"); user_pref("searchreset.backup.browser.startup.homepage", "http://www.google.be/"); user_pref("browser.search.suggest.enabled", false); Added to C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\55r9t9w8.default-1366478536608\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\prefs.js: user_pref("browser.startup.homepage", "http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=FUJITSUXMHZ2500BTXG1_K701T8A26NFMT8A26NFMX&ts=1366278531"); user_pref("browser.search.defaultenginename", "portaldosites"); user_pref("browser.search.selectedEngine", "portaldosites"); user_pref("browser.search.order.1", "portaldosites"); user_pref("keyword.URL", "http://search.bearshare.com/web?src=ffb&systemid=2&q="); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\Arlette\AppData\Roaming\Mozilla\Firefox\Profiles\j2oa866v.default user.js not found ---- Lines CT2865317 removed from prefs.js ---- ---- Lines CT2865317 modified from prefs.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines portaldosites removed from prefs.js ---- ---- Lines portaldosites modified from prefs.js ---- ---- Lines Search-Results removed from prefs.js ---- ---- Lines Search-Results modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- ProfilePath: C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\55r9t9w8.default-1366478536608 user.js not found ---- Lines CT2865317 removed from prefs.js ---- ---- Lines CT2865317 modified from prefs.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines portaldosites removed from prefs.js ---- ---- Lines portaldosites modified from prefs.js ---- ---- Lines Search-Results removed from prefs.js ---- ---- Lines Search-Results modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_20132104_1116_.backup ProfilePath: C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default user.js not found ---- Lines CT2865317 removed from prefs.js ---- ---- Lines CT2865317 modified from prefs.js ---- ---- Lines ask.com removed from prefs.js ---- user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); ---- Lines ask.com modified from prefs.js ---- ---- Lines portaldosites removed from prefs.js ---- ---- Lines portaldosites modified from prefs.js ---- ---- Lines Search-Results removed from prefs.js ---- user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); ---- Lines Search-Results modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_20132104_1116_.backup ==== Deleting Files \ Folders ====================== "C:\Program Files\Mozilla Firefox\searchplugins\portaldosites.xml" deleted "C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\CT2865317" deleted "C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\CT2865317" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\winston\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== 2013-04-10 11:23:53 2E56BA5BC215B2AED2B790D42D8C1739 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-04-10 11:23:52 507183B4FCB535A7A973427D1F367CA8 420864 ----a-w- C:\Windows\System32\vbscript.dll 2013-04-10 11:23:52 40169F9AE27BB73F2CB8C7D11A7A2AC2 73216 ----a-w- C:\Windows\System32\mshtmled.dll 2013-04-10 11:23:50 C720BD3BDE2C9A1BFC4476F6D3A4B64D 176640 ----a-w- C:\Windows\System32\ieui.dll 2013-04-10 11:23:50 4BE468D2EE9CC59CB8F666949CD37CD5 65024 ----a-w- C:\Windows\System32\jsproxy.dll 2013-04-10 11:23:49 FC5BBA40E667D20126D91BD6A790705B 142848 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-10 11:23:49 9DE04A790F697432871E88BB77EEBCF5 607744 ----a-w- C:\Windows\System32\msfeeds.dll 2013-04-10 11:23:48 C5B6468422DB1C8AA36C32CBB0197E5E 1129472 ----a-w- C:\Windows\System32\wininet.dll 2013-04-10 11:23:48 26DB6CB9BC434ABA1169B3051E6AB4F2 717824 ----a-w- C:\Windows\System32\jscript.dll 2013-04-10 11:23:47 7E6052699CAF18ADEDD846D44ECCE81F 1800704 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-10 11:23:47 69EDE878C3891E7796D46B7E552330B1 231936 ----a-w- C:\Windows\System32\url.dll 2013-04-10 11:23:46 9BDDA34DC4890169DE5BA21134B33EFB 1796096 ----a-w- C:\Windows\System32\iertutil.dll 2013-04-10 11:23:44 4E7F83E1F6AEFA38E270EA7353D6911E 1104384 ----a-w- C:\Windows\System32\urlmon.dll 2013-04-10 11:23:43 CA78BA218B423C7F22B14906308B8B02 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-04-10 11:23:41 658EBC74BD38D16805648C4775F7FA82 12324352 ----a-w- C:\Windows\System32\mshtml.dll 2013-04-10 11:23:40 DFE118C95C6571B87D1923DAB3FA0A77 9738752 ----a-w- C:\Windows\System32\ieframe.dll 2013-04-10 10:41:22 E31AE50AFB2A4AE804D016E02EE6BE10 3551080 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 10:41:22 21870BAB9C9B802AC641DD644708BDE4 3603816 ----a-w- C:\Windows\System32\ntkrnlpa.exe 2013-04-10 10:41:21 BE7480C91E89EB82FC080F772C220AE4 64000 ----a-w- C:\Windows\System32\smss.exe 2013-04-10 10:41:21 33F84B64D4765BCDFA0AB8464122DA14 49152 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-10 10:41:18 6A166182E32844369FD072057782A22B 2067968 ----a-w- C:\Windows\System32\mstscax.dll 2013-04-10 10:41:16 A508314231C49AEE86987CEA3EAECAD1 376320 ----a-w- C:\Windows\System32\winsrv.dll 2013-04-10 10:40:44 88FB35233A80BB42FF5B4E722705FEF4 2049024 ----a-w- C:\Windows\System32\win32k.sys ====== C:\Windows\system32\drivers ===== 2013-04-10 10:41:19 2C1121F2B87E9A6B12485DF53CD848C7 1082232 ----a-w- C:\Windows\System32\drivers\ntfs.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-04-20 18:19:10 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2013-04-18 09:58:37 -------- d-----w- C:\Program Files\MyFree Codec 2013-04-16 17:05:19 -------- d-----w- C:\Program Files\Samsung ======= C: ===== 2013-04-21 07:50:02 F11653C0A6F17B526E5A14743ECBD42E 19820 ----a-w- C:\AdwCleaner[s1].txt ====== C:\Users\winston\AppData\Roaming ====== 2013-04-20 18:19:17 -------- d-----w- C:\users\winston\AppData\Roaming\SUPERAntiSpyware.com 2013-04-16 17:13:08 -------- d-----w- C:\users\winston\AppData\Roaming\Samsung 2013-04-16 17:04:01 -------- d-----w- C:\users\winston\AppData\Local\Downloaded Installations 2013-04-08 15:29:29 -------- d-----w- C:\users\winston\AppData\Roaming\MusE 2013-04-08 15:29:26 -------- d-----w- C:\users\winston\AppData\Local\MusE ====== C:\Users\winston ====== 2013-04-20 18:19:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2013-04-20 18:19:10 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2013-04-16 17:05:19 -------- d-----w- C:\ProgramData\Samsung 2013-04-01 16:33:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ====== C: exe-files == === C: other files == 2013-04-21 08:49:21 ACB22AC07CDA856A3E59F86DFF39F634 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-225639665-913216918-3013696451-1000\$IE2A6IU.zip 2013-04-20 08:50:35 28F64D3E7293C8F13FD825E6CB59B82E 1811565201 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-225639665-913216918-3013696451-1000\$RE2A6IU.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-225639665-913216918-3013696451-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe /MINIMIZED" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "FIC HotKey"="C:\Program Files\Hotkey Utility\tray.exe" "LaunchPad"="C:\Program Files\Launch Pad\LaunchPad.exe" "PowerManager"="C:\Program Files\Power Manager\PM.exe" "FSCRecovery"="c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" "avast"="C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui" "beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe /MINIMIZED" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ==== Startup Folders ====================== 2013-04-06 08:55:35 959 ----a-w- C:\users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2013-01-15 15:57:38 1917 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/04/2009 21:14] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/04/2009 21:14] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Arlette\AppData\Roaming\Mozilla\Firefox\Profiles\j2oa866v.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ProfilePath: C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium(201).be - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium(213).be - TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(31) - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi - ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi AppDir: C:\Program Files\Mozilla Firefox - Undetermined - %AppDir%\extensions\belgiumeid@eid.belgium.be - Undetermined - %AppDir%\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - Undetermined - %AppDir%\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - Undetermined - %AppDir%\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\55r9t9w8.default-1366478536608 F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 2616B4D6D04F18C579B7861F02B0B592 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.130.20 F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In A843FC35574ECFD9E7A41C5505A9921B - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 2034E977759F4EB2226914BFC58F2758 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 9C9CE25B0BC71B4442DC17C651BF81AC - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll - McAfee Security Scanner + 3509063A268A4197CF8E713BD22B0978 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery 075394F75303286C2FA91908CB781609 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation B9CB851B2E39B4336822AC879FDE218B - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll - Windows Genuine Advantage 29B060079A9129553E3FA75EDB8243BB - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) 3D84A7E0CD7A1FC93EAB9F2D50E5BD9C - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin 99F97C9FE748C37528C338A423577FCB - C:\Users\winston\AppData\Roaming\Mozilla\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin 99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin 2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System Profilepath: C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 2034E977759F4EB2226914BFC58F2758 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat A843FC35574ECFD9E7A41C5505A9921B - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 3509063A268A4197CF8E713BD22B0978 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery 075394F75303286C2FA91908CB781609 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation B9CB851B2E39B4336822AC879FDE218B - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll - Windows Genuine Advantage 29B060079A9129553E3FA75EDB8243BB - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) 3D84A7E0CD7A1FC93EAB9F2D50E5BD9C - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin 99F97C9FE748C37528C338A423577FCB - C:\Users\winston\AppData\Roaming\Mozilla\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\winston\AppData\Local\Temp\crx7051.tmp[] icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[31/10/2012 00:48] YouTube - winston - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - winston - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - winston - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.yahoo.com/search?fr=mcafee&p=%s" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{E0B7D8C7-3B85-4B46-8648-43F8FFFBF5F6}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {279540CE-1994-4F5B-B35C-E16172E822E8} Wikipedia (en) Url="http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}" {443F0DD5-8053-4A4F-92C4-371197702A1C} Bing Url="http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {DECA3892-BA8F-44b8-A993-A466AD694AE4} Yahoo//search.yahoo.com/search?fr=mcafee&p={searchTerms}" {E0B7D8C7-3B85-4B46-8648-43F8FFFBF5F6} Google Url="http://www.google.be/{searchTerms}" ==== Reset Google Chrome ====================== C:\users\winston\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\winston\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\winston\Desktop\Dropbox.lnk - C:\Users\winston\AppData\Roaming\Dropbox\bin\Dropbox.exe /home ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\avast Free Antivirus.lnk - C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe Portaldosites.com C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==== shortcuts in Users Start Menu ====================== C:\Users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe Portaldosites.com C:\Users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe Portaldosites.com C:\Users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\winston\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\winston\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe C:\Users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\winston\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe Portaldosites.com C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast Free Antivirus.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe -setDX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe -setOGL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth verwijderen.lnk - C:\Windows\System32\msiexec.exe /x {468D22C0-8080-11E2-B86E-B8AC6F98CCE3} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk - C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe /register C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs\Common Tools\Make a Donation.lnk - C:\Program Files\Internet Explorer\iexplore.exe Portaldosites.com C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs\Common Tools\VistaCodecs HomePage.lnk - C:\Program Files\Internet Explorer\iexplore.exe Portaldosites.com ==== shortcuts in Quick Launch ====================== C:\Users\winston\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe Portaldosites.com C:\Users\winston\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe Portaldosites.com ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs\Common Tools\Make a Donation.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs\Common Tools\VistaCodecs HomePage.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\winston\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\winston\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyOverride"="*.local" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully ==== Empty IE Cache ====================== C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\Arlette\AppData\Local\Mozilla\Firefox\Profiles\j2oa866v.default\Cache emptied successfully C:\users\winston\AppData\Local\Mozilla\Firefox\Profiles\55r9t9w8.default-1366478536608\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\winston\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\winston\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted bedank reeds voor de hulp
  3. zie hier de log van AdwCleaner # AdwCleaner v2.200 - Verslag gemaakt op 21/04/2013 om 09:50:02 # Geactualiseerd op 02/04/2013 door Xplode # Besturingssysteem : Windows Vista Home Premium Service Pack 2 (32 bits) # Gebruiker : winston - PC_VAN_WINSTON # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\winston\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** Gestopt & Verwijdert : desksvc Gestopt & Verwijdert : Yontoo Desktop Updater ***** [Files / Mappen] ***** File Verwijdert : C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\searchplugins\SearchResults.xml Map Verwijdert : C:\Program Files\Common Files\337 Map Verwijdert : C:\Program Files\Conduit Map Verwijdert : C:\Program Files\Desk 365 Map Verwijdert : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de Map Verwijdert : C:\Program Files\Windows iLivid Toolbar Map Verwijdert : C:\Program Files\Yontoo Map Verwijdert : C:\ProgramData\~0 Map Verwijdert : C:\ProgramData\eSafe Map Verwijdert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365 Map Verwijdert : C:\ProgramData\Tarma Installer Map Verwijdert : C:\Users\winston\AppData\Local\Conduit Map Verwijdert : C:\Users\winston\AppData\Local\Ilivid Player Map Verwijdert : C:\Users\winston\AppData\Local\PackageAware Map Verwijdert : C:\Users\winston\AppData\LocalLow\Conduit Map Verwijdert : C:\Users\winston\AppData\Roaming\Desk 365 Map Verwijdert : C:\Users\winston\AppData\Roaming\eIntaller Map Verwijdert : C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\ConduitCommon Map Verwijdert : C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} Map Verwijdert : C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\extensions\plugin@yontoo.com Map Verwijdert : C:\Users\winston\AppData\Roaming\Yontoo Map Verwijdert : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\APN PIP Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\AskToolbar Sleutel Verwijdert : HKCU\Software\Ask.com Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Sleutel Verwijdert : HKCU\Software\PIP Sleutel Verwijdert : HKCU\Software\Softonic Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Sleutel Verwijdert : HKLM\Software\Conduit Sleutel Verwijdert : HKLM\Software\Desksvc Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365 Sleutel Verwijdert : HKLM\Software\PIP Sleutel Verwijdert : HKLM\Software\Tarma Installer Sleutel Verwijdert : HKLM\Software\V9 ***** [browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v4.0.1 (nl) File : C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\55r9t9w8.default-1366478536608\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. File : C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\prefs.js C:\Users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\user.js ... Verwijdert ! Verwijdert : user_pref("CT2865317..clientLogIsEnabled", true); Verwijdert : user_pref("CT2865317..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Verwijdert : user_pref("CT2865317..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Verwijdert : user_pref("CT2865317.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Verwijdert : user_pref("CT2865317.CTID", "CT2865317"); Verwijdert : user_pref("CT2865317.CurrentServerDate", "8-11-2011"); Verwijdert : user_pref("CT2865317.DSChangedManually", true); Verwijdert : user_pref("CT2865317.DSInstall", true); Verwijdert : user_pref("CT2865317.DialogsAlignMode", "LTR"); Verwijdert : user_pref("CT2865317.DialogsGetterLastCheckTime", "Mon Nov 07 2011 17:34:27 GMT+0100"); Verwijdert : user_pref("CT2865317.DownloadReferralCookieData", ""); Verwijdert : user_pref("CT2865317.EMailNotifierCheckInterval", "5"); Verwijdert : user_pref("CT2865317.EMailNotifierLabelLength", 6); Verwijdert : user_pref("CT2865317.EMailNotifierPollDate", "Tue Nov 08 2011 14:27:15 GMT+0100"); Verwijdert : user_pref("CT2865317.EMailNotifierSound", "NONE"); Verwijdert : user_pref("CT2865317.FeedLastCount5397019970362056034", 78); Verwijdert : user_pref("CT2865317.FeedPollDate2429156812186649977", "Mon Nov 07 2011 17:34:06 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813040823546", "Mon Nov 07 2011 17:34:05 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813130095866", "Mon Nov 07 2011 17:34:05 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813224203613", "Mon Nov 07 2011 17:34:05 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813230837251", "Mon Nov 07 2011 17:34:06 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813454291735", "Mon Nov 07 2011 17:34:06 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813729834876", "Mon Nov 07 2011 17:34:05 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813860870021", "Mon Nov 07 2011 17:34:06 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156814264681793", "Mon Nov 07 2011 17:34:06 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156814863075366", "Mon Nov 07 2011 17:34:05 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156815257761081", "Mon Nov 07 2011 17:34:05 GMT+0100"); Verwijdert : user_pref("CT2865317.FeedTTL2429156813130095866", 10); Verwijdert : user_pref("CT2865317.FeedTTL2429156814264681793", 5); Verwijdert : user_pref("CT2865317.FirstServerDate", "7-11-2011"); Verwijdert : user_pref("CT2865317.FirstTime", true); Verwijdert : user_pref("CT2865317.FirstTimeFF3", true); Verwijdert : user_pref("CT2865317.FixPageNotFoundErrors", false); Verwijdert : user_pref("CT2865317.GroupingServerCheckInterval", 1440); Verwijdert : user_pref("CT2865317.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Verwijdert : user_pref("CT2865317.HPInstall", false); Verwijdert : user_pref("CT2865317.HasUserGlobalKeys", true); Verwijdert : user_pref("CT2865317.HomePageProtectorEnabled", false); Verwijdert : user_pref("CT2865317.HomepageBeforeUnload", "hxxp://www.google.be/"); Verwijdert : user_pref("CT2865317.Initialize", true); Verwijdert : user_pref("CT2865317.InitializeCommonPrefs", true); Verwijdert : user_pref("CT2865317.InstallationAndCookieDataSentCount", 3); Verwijdert : user_pref("CT2865317.InstallationType", "UnknownIntegration"); Verwijdert : user_pref("CT2865317.InstalledDate", "Mon Nov 07 2011 17:34:01 GMT+0100"); Verwijdert : user_pref("CT2865317.IsAlertDBUpdated", true); Verwijdert : user_pref("CT2865317.IsGrouping", false); Verwijdert : user_pref("CT2865317.IsInitSetupIni", true); Verwijdert : user_pref("CT2865317.IsMulticommunity", false); Verwijdert : user_pref("CT2865317.IsOpenThankYouPage", true); Verwijdert : user_pref("CT2865317.IsOpenUninstallPage", false); Verwijdert : user_pref("CT2865317.IsProtectorsInit", true); Verwijdert : user_pref("CT2865317.LanguagePackLastCheckTime", "Tue Nov 08 2011 17:34:31 GMT+0100"); Verwijdert : user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440); Verwijdert : user_pref("CT2865317.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Verwijdert : user_pref("CT2865317.LastLogin_3.7.0.6", "Tue Nov 08 2011 17:33:52 GMT+0100"); Verwijdert : user_pref("CT2865317.LatestVersion", "3.8.0.8"); Verwijdert : user_pref("CT2865317.Locale", "nl"); Verwijdert : user_pref("CT2865317.MCDetectTooltipHeight", "83"); Verwijdert : user_pref("CT2865317.MCDetectTooltipShow", false); Verwijdert : user_pref("CT2865317.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Verwijdert : user_pref("CT2865317.MCDetectTooltipWidth", "295"); Verwijdert : user_pref("CT2865317.MyStuffEnabledAtInstallation", true); Verwijdert : user_pref("CT2865317.OriginalFirstVersion", "3.7.0.6"); Verwijdert : user_pref("CT2865317.SavedHomepage", "hxxp://www.google.be/"); Verwijdert : user_pref("CT2865317.SearchCaption", "uTorrentBar_NL Customized Web Search"); Verwijdert : user_pref("CT2865317.SearchEngineBeforeUnload", "Bing"); Verwijdert : user_pref("CT2865317.SearchFromAddressBarIsInit", true); Verwijdert : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...] Verwijdert : user_pref("CT2865317.SearchInNewTabEnabled", true); Verwijdert : user_pref("CT2865317.SearchInNewTabIntervalMM", 1440); Verwijdert : user_pref("CT2865317.SearchInNewTabLastCheckTime", "Tue Nov 08 2011 17:34:34 GMT+0100"); Verwijdert : user_pref("CT2865317.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Verwijdert : user_pref("CT2865317.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Verwijdert : user_pref("CT2865317.SearchProtectorEnabled", false); Verwijdert : user_pref("CT2865317.SearchProtectorToolbarDisabled", false); Verwijdert : user_pref("CT2865317.SendProtectorDataViaLogin", true); Verwijdert : user_pref("CT2865317.ServiceMapLastCheckTime", "Tue Nov 08 2011 17:33:52 GMT+0100"); Verwijdert : user_pref("CT2865317.SettingsLastCheckTime", "Tue Nov 08 2011 17:33:52 GMT+0100"); Verwijdert : user_pref("CT2865317.SettingsLastUpdate", "1313478222"); Verwijdert : user_pref("CT2865317.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13"); Verwijdert : user_pref("CT2865317.ThirdPartyComponentsInterval", 504); Verwijdert : user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Mon Nov 07 2011 17:33:52 GMT+0100"); Verwijdert : user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1256026239"); Verwijdert : user_pref("CT2865317.ToolbarShrinkedFromSetup", false); Verwijdert : user_pref("CT2865317.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2865317"); Verwijdert : user_pref("CT2865317.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Verwijdert : user_pref("CT2865317.UserID", "UN49884697431332390"); Verwijdert : user_pref("CT2865317.ValidationData_Toolbar", 2); Verwijdert : user_pref("CT2865317.WeatherNetwork", ""); Verwijdert : user_pref("CT2865317.WeatherPollDate", "Tue Nov 08 2011 14:07:16 GMT+0100"); Verwijdert : user_pref("CT2865317.WeatherUnit", "C"); Verwijdert : user_pref("CT2865317.alertChannelId", "1257316"); Verwijdert : user_pref("CT2865317.approveUntrustedApps", false); Verwijdert : user_pref("CT2865317.backendstorage.cbfirsttime", "4D6F6E204E6F7620303720323031312031373A33343A35312[...] Verwijdert : user_pref("CT2865317.backendstorage.pairingkey", "32423246443443393230413430444545373944314439314230[...] Verwijdert : user_pref("CT2865317.components.129363015615494356", false); Verwijdert : user_pref("CT2865317.components.129363015617994372", false); Verwijdert : user_pref("CT2865317.components.129363015617994373", false); Verwijdert : user_pref("CT2865317.components.129416029873125873", false); Verwijdert : user_pref("CT2865317.components.129544682758064198", false); Verwijdert : user_pref("CT2865317.components.5397019970362056034", false); Verwijdert : user_pref("CT2865317.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Verwijdert : user_pref("CT2865317.globalFirstTimeInfoLastCheckTime", "Tue Nov 08 2011 16:01:27 GMT+0100"); Verwijdert : user_pref("CT2865317.homepageProtectorEnableByLogin", true); Verwijdert : user_pref("CT2865317.initDone", true); Verwijdert : user_pref("CT2865317.isAppTrackingManagerOn", true); Verwijdert : user_pref("CT2865317.myStuffEnabled", true); Verwijdert : user_pref("CT2865317.myStuffPublihserMinWidth", 400); Verwijdert : user_pref("CT2865317.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Verwijdert : user_pref("CT2865317.myStuffServiceIntervalMM", 1440); Verwijdert : user_pref("CT2865317.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Verwijdert : user_pref("CT2865317.oldAppsList", "129363015615025603,129363015615338104,111,1000234,12936301561549[...] Verwijdert : user_pref("CT2865317.revertSettingsEnabled", true); Verwijdert : user_pref("CT2865317.searchProtectorDialogDelayInSec", 10); Verwijdert : user_pref("CT2865317.searchProtectorEnableByLogin", true); Verwijdert : user_pref("CT2865317.testingCtid", ""); Verwijdert : user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Tue Nov 08 2011 17:34:27 GMT+0100"); Verwijdert : user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Mon Nov 07 2011 17:34:31 GMT+0100"); Verwijdert : user_pref("CT2865317.usagesFlag", 2); Verwijdert : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2865317&Search[...] Verwijdert : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_NL Customized Web Search"); Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1257316/1252989/BE", "\"0\"[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317",[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2865317&octid=[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"1ec[...] Verwijdert : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\winston\\AppData\\Roaming\\Mozilla\[...] Verwijdert : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6"); Verwijdert : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://listen.grooveshark.com/ ", "800x599"); Verwijdert : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMo[...] Verwijdert : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.bearshare.com/web?src=ffb&[...] Verwijdert : user_pref("CommunityToolbar.ToolbarsList", "CT2865317"); Verwijdert : user_pref("CommunityToolbar.ToolbarsList2", "CT2865317"); Verwijdert : user_pref("CommunityToolbar.ToolbarsList4", "CT2865317"); Verwijdert : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Nov 07 2011 17:34:34 GMT+0100"); Verwijdert : user_pref("CommunityToolbar.globalUserId", "ec28c625-a35e-407e-8d7c-7ce6c3c4deb5"); Verwijdert : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Verwijdert : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Verwijdert : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2865317"); Verwijdert : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Nov 07 2011 17:34:2[...] Verwijdert : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Verwijdert : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Nov 07 2011 18:34:39 GMT+010[...] Verwijdert : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Verwijdert : user_pref("CommunityToolbar.notifications.locale", "en"); Verwijdert : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Verwijdert : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Nov 08 2011 17:33:51 GMT+0100"); Verwijdert : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Verwijdert : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Verwijdert : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Verwijdert : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Verwijdert : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Verwijdert : user_pref("CommunityToolbar.notifications.userId", "8e036024-62a0-4226-b983-063fedbc4987"); Verwijdert : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.be/"); Verwijdert : user_pref("CommunityToolbar.originalSearchEngine", "Bing"); Verwijdert : user_pref("browser.search.defaultengine", "Ask.com"); Verwijdert : user_pref("browser.search.defaultthis.engineName", "uTorrentBar_NL Customized Web Search"); Verwijdert : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true); Verwijdert : user_pref("quickstores.toolbar.affid", "2006"); Verwijdert : user_pref("quickstores.toolbar.guid", "{695613C3-85E7-9BA5-6D34-65B4A229C172}"); -\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : C:\Users\winston\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[s1].txt - [19689 octets] - [21/04/2013 09:50:02] ########## EOF - C:\AdwCleaner[s1].txt - [19750 octets] ########## en deze van HijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:12:25, on 21/04/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16476) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Users\winston\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\winston\Downloads\progammas\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Dropbox.lnk = C:\Users\winston\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 8680 bytes alvast dank - - - Updated - - - ik heb firefox gesloten en terug geopend en het is nog steeds portaldosites.com die open in plaats van google via internet explorer is het in orde
  4. wanneer ik Firefox of Internet explorer opstart kom ik niet op Google maar op Portaldosites.com ik heb al met malwarebytes anti-Malware gescand deze geef geen malware dan heb ik met SuperAntiSpyware free Edition deze geeft 38 malwares van Yontoo deze zijn hopenlijk verwijderd die Yontoo kon ik niet uit mijn progammas verwijderen als ook Desk 365 niet wat staat er mij te doen ? beste dank al arlet zie hier mijn Hijackthi Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:00:15, on 20/04/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16476) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Windows\System32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Users\winston\AppData\Roaming\Yontoo\YontooDesktop.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe C:\Users\winston\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\winston\Downloads\progammas\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Portaldosites.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Portaldosites.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Portaldosites.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Portaldosites.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Portaldosites.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Portaldosites.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Portaldosites.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Portaldosites.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Desk 365] "C:\Program Files\Desk 365\desk365.exe" /autorun O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\winston\AppData\Roaming\Yontoo\YontooDesktop.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Dropbox.lnk = C:\Users\winston\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Desk 365 service (desksvc) - 337 Technology Limited. - C:\Program Files\Desk 365\deskSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 10614 bytes
  5. Kape hartelijk bedankt voor de hulp bij dit probleem Arlet
  6. ik heb zopas een update van Windows geïnstalleerd en de fout lijk opgeloste te zijn
  7. Deze fout doet zich nog altijd voor ---------- Post toegevoegd om 10:48 ---------- Vorige post was om 10:39 ---------- wanneer ik een divx of avi afspeel doen hij dit niet maar wanneer ik een vts van een dvd afspeel heb ik de fout melding als ook nu krijg ik dat er een probleem met Impgspl.ax is beste dank al
  8. dit is terug het log bestand ComboFix 12-06-12.01 - winston 12/06/2012 18:34:57.5.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3032.1682 [GMT 2:00] Gestart vanuit: c:\users\winston\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\winston\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.ics . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))) . . 2012-06-12 16:55 . 2012-06-12 16:55 -------- d-----w- c:\users\winston\AppData\Local\temp 2012-06-12 16:55 . 2012-06-12 16:55 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-06-12 16:55 . 2012-06-12 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-12 16:55 . 2012-06-12 16:55 -------- d-----w- c:\users\Arlette\AppData\Local\temp 2012-06-12 14:25 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{815C4E1C-841C-48B8-9DDA-E18001769844}\mpengine.dll 2012-06-06 16:41 . 2012-06-06 16:41 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-06 16:41 . 2012-06-06 16:41 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 16:23 . 2012-04-04 17:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 16:23 . 2011-05-22 16:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-04-09 17:49 . 2010-06-29 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 13:56 . 2009-08-12 16:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16 . 2012-05-12 17:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-12 17:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-02 13:36 . 2012-05-12 17:11 2044928 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 12:39 . 2012-05-12 17:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 23:28 . 2012-05-12 17:10 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-06-06 16:41 . 2011-05-02 05:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-18 880496] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744] "FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2008-06-05 520192] "LaunchPad"="c:\program files\Launch Pad\LaunchPad.exe" [2008-07-12 2260992] "PowerManager"="c:\program files\Power Manager\PM.exe" [2008-05-22 1675264] "FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712] "Skytel"="Skytel.exe" [2007-11-21 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-17 13531680] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-17 92704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-03-10 35712] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:23] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2011-08-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC_van_winston_winston.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-12 18:55 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2012-06-12 18:58:46 ComboFix-quarantined-files.txt 2012-06-12 16:58 ComboFix2.txt 2012-06-12 14:43 ComboFix3.txt 2012-03-21 19:48 . Pre-Run: 30.005.059.584 bytes beschikbaar Post-Run: 29.960.388.608 bytes beschikbaar . - - End Of File - - 525FB7ACA42AED1A02230803A6EF3827
  9. hallo Kape zie hier mijn combofixlog ComboFix 12-06-12.01 - winston 12/06/2012 16:08:12.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3032.1106 [GMT 2:00] Gestart vanuit: c:\users\winston\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\avisynth.dll c:\windows\system32\devil.dll c:\windows\system32\drivers\etc\hosts.ics . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))) . . 2012-06-12 14:39 . 2012-06-12 14:39 -------- d-----w- c:\users\winston\AppData\Local\temp 2012-06-06 16:41 . 2012-06-06 16:41 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-06 16:41 . 2012-06-06 16:41 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 16:23 . 2012-04-04 17:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 16:23 . 2011-05-22 16:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-04-09 17:49 . 2010-06-29 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 13:56 . 2009-08-12 16:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16 . 2012-05-12 17:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-12 17:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-02 13:36 . 2012-05-12 17:11 2044928 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 12:39 . 2012-05-12 17:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 23:28 . 2012-05-12 17:10 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-06-06 16:41 . 2011-05-02 05:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-18 880496] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744] "FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2008-06-05 520192] "LaunchPad"="c:\program files\Launch Pad\LaunchPad.exe" [2008-07-12 2260992] "PowerManager"="c:\program files\Power Manager\PM.exe" [2008-05-22 1675264] "FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712] "Skytel"="Skytel.exe" [2007-11-21 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-17 13531680] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-17 92704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-03-10 35712] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:23] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2011-08-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC_van_winston_winston.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-12 16:39 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . C:\avast! sandbox . Scan succesvol afgerond verborgen bestanden: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2012-06-12 16:43:12 ComboFix-quarantined-files.txt 2012-06-12 14:43 ComboFix2.txt 2012-03-21 19:48 . Pre-Run: 25.516.843.008 bytes beschikbaar Post-Run: 32.779.382.784 bytes beschikbaar . - - End Of File - - DE6F4FBCFD8A323128525B4D1016BAB7
  10. wanneer ik een film in windows mediaplayer wil afspelen krijg ik steeds een fout melding van Windows - hostproces(rundll32) werkt niet meer The dll "cpuinf32.dll" can not be loaded.OS reports:kan opgegevenmodule niet vinden hierbij voeg ik een hijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:05:29, on 11/06/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\Internet Explorer\IELowutil.exe C:\Users\winston\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] "C:\Program Files\Hotkey Utility\tray.exe" O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [skytel] "Skytel.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9349 bytes hopend op hulp van jullie dank ik u al van harte Arlet Cousine
  11. opgelost nonmaals hartelijke dank voor de hulp
  12. ziehier de nieuwe log ComboFix 12-03-20.01 - winston 21/03/2012 20:24:19.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3032.1647 [GMT 1:00] Gestart vanuit: c:\users\winston\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\winston\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))) . . 2012-03-21 19:45 . 2012-03-21 19:45 -------- d-----w- c:\users\winston\AppData\Local\temp 2012-03-21 19:45 . 2012-03-21 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-21 19:45 . 2012-03-21 19:45 -------- d-----w- c:\users\Arlette\AppData\Local\temp 2012-03-21 19:07 . 2012-03-21 19:07 -------- d-----w- c:\windows\Sun 2012-03-21 16:37 . 2012-03-21 16:37 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-21 16:37 . 2012-03-21 16:37 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-20 15:36 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31FDC4E8-B019-49D5-B83F-FD308E6773D4}\mpengine.dll 2012-03-19 01:20 . 2012-03-19 18:17 -------- d-----w- c:\windows\Microsoft Antimalware 2012-03-15 16:39 . 2012-03-15 16:39 -------- d-----w- c:\programdata\backup 2012-03-14 16:57 . 2012-03-14 16:58 -------- d-----w- c:\users\winston\AppData\Roaming\kodak 2012-03-14 16:29 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 16:29 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 16:02 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 16:02 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 16:02 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 16:02 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 16:02 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 16:02 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-11 17:11 . 2012-03-14 10:52 -------- d-----w- c:\program files\iPod(6) 2012-03-11 17:11 . 2012-03-11 17:14 -------- d-----w- c:\program files\iTunes(7) 2012-02-26 15:54 . 2012-01-18 14:55 922184 ----a-w- c:\windows\system32\pwNative.exe 2012-02-26 15:54 . 2012-01-18 14:55 16472 ------w- c:\windows\system32\pwdrvio.sys 2012-02-26 15:53 . 2012-01-18 14:55 11104 ------w- c:\windows\system32\pwdspio.sys 2012-02-26 14:59 . 2012-02-26 14:59 -------- d-----w- c:\program files\EASEUS 2012-02-26 14:35 . 2012-02-26 14:35 -------- d-----w- c:\programdata\redistpart . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-07 00:15 . 2010-09-11 17:27 41184 ----a-w- c:\windows\avastSS.scr 2012-03-07 00:15 . 2009-03-01 18:07 201352 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-07 00:03 . 2011-03-14 13:28 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-07 00:03 . 2009-03-01 18:07 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-07 00:02 . 2009-03-01 18:07 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-03-07 00:01 . 2009-03-01 18:07 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-07 00:01 . 2009-03-01 18:07 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-07 00:01 . 2009-03-01 18:07 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-05 09:37 . 2011-05-22 16:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2009-10-02 17:12 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-03-21 16:37 . 2011-05-02 05:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744] "FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2008-06-05 520192] "LaunchPad"="c:\program files\Launch Pad\LaunchPad.exe" [2008-07-12 2260992] "PowerManager"="c:\program files\Power Manager\PM.exe" [2008-05-22 1675264] "FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712] "Skytel"="Skytel.exe" [2007-11-21 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-17 13531680] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-17 92704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-03-10 35712] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2011-08-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC_van_winston_winston.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-03-21 20:45 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2012-03-21 20:48:53 ComboFix-quarantined-files.txt 2012-03-21 19:48 ComboFix2.txt 2012-03-21 18:32 ComboFix3.txt 2012-03-20 19:07 . Pre-Run: 34.553.139.200 bytes beschikbaar Post-Run: 34.525.327.360 bytes beschikbaar . - - End Of File - - D3B5FBA2647F7F58CB611FCB5EE1CF4B
  13. ziehier de inhoud van het Combofix .exe ComboFix 12-03-20.01 - winston 21/03/2012 19:08:42.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3032.1721 [GMT 1:00] Gestart vanuit: c:\users\winston\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.ics . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))) . . 2012-03-21 18:29 . 2012-03-21 18:29 -------- d-----w- c:\users\winston\AppData\Local\temp 2012-03-21 18:29 . 2012-03-21 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-21 18:29 . 2012-03-21 18:29 -------- d-----w- c:\users\Arlette\AppData\Local\temp 2012-03-21 16:37 . 2012-03-21 16:37 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-21 16:37 . 2012-03-21 16:37 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-20 15:36 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31FDC4E8-B019-49D5-B83F-FD308E6773D4}\mpengine.dll 2012-03-19 01:20 . 2012-03-19 18:17 -------- d-----w- c:\windows\Microsoft Antimalware 2012-03-15 16:39 . 2012-03-15 16:39 -------- d-----w- c:\programdata\backup 2012-03-14 16:57 . 2012-03-14 16:58 -------- d-----w- c:\users\winston\AppData\Roaming\kodak 2012-03-14 16:29 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 16:29 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 16:02 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 16:02 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 16:02 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 16:02 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 16:02 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 16:02 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-11 17:11 . 2012-03-14 10:52 -------- d-----w- c:\program files\iPod(6) 2012-03-11 17:11 . 2012-03-11 17:14 -------- d-----w- c:\program files\iTunes(7) 2012-02-26 15:54 . 2012-01-18 14:55 922184 ----a-w- c:\windows\system32\pwNative.exe 2012-02-26 15:54 . 2012-01-18 14:55 16472 ------w- c:\windows\system32\pwdrvio.sys 2012-02-26 15:53 . 2012-01-18 14:55 11104 ------w- c:\windows\system32\pwdspio.sys 2012-02-26 14:59 . 2012-02-26 14:59 -------- d-----w- c:\program files\EASEUS 2012-02-26 14:35 . 2012-02-26 14:35 -------- d-----w- c:\programdata\redistpart . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-07 00:15 . 2010-09-11 17:27 41184 ----a-w- c:\windows\avastSS.scr 2012-03-07 00:15 . 2009-03-01 18:07 201352 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-07 00:03 . 2011-03-14 13:28 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-07 00:03 . 2009-03-01 18:07 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-07 00:02 . 2009-03-01 18:07 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-03-07 00:01 . 2009-03-01 18:07 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-07 00:01 . 2009-03-01 18:07 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-07 00:01 . 2009-03-01 18:07 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-05 09:37 . 2011-05-22 16:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2009-10-02 17:12 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-03-21 16:37 . 2011-05-02 05:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744] "FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2008-06-05 520192] "LaunchPad"="c:\program files\Launch Pad\LaunchPad.exe" [2008-07-12 2260992] "PowerManager"="c:\program files\Power Manager\PM.exe" [2008-05-22 1675264] "FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712] "Skytel"="Skytel.exe" [2007-11-21 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-17 13531680] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-17 92704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-03-10 35712] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2011-08-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC_van_winston_winston.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-03-21 19:29 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . C:\avast! sandbox . Scan succesvol afgerond verborgen bestanden: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2012-03-21 19:32:57 ComboFix-quarantined-files.txt 2012-03-21 18:32 ComboFix2.txt 2012-03-20 19:07 . Pre-Run: 34.526.060.544 bytes beschikbaar Post-Run: 34.454.175.744 bytes beschikbaar . - - End Of File - - A1FE3F7A31EB93F8D5AF2BFAF448A180
  14. ik dit gedaan maar heb mijn virus scan niet uit gezet combofix is herstart maar heeft geen log bestand gemaakt
  15. zie hier de log van combofix hartelijke dank voor de hulp die ik van jullie heb ontvangen voor het verwijderen van de virus ik denk dat het nu in orde is ComboFix 12-03-20.01 - winston 20/03/2012 19:07:05.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3032.1607 [GMT 1:00] Gestart vanuit: c:\users\winston\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\winston\AppData\Roaming\inst.exe c:\users\winston\AppData\Roaming\vso_ts_preview.xml c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\skinboxer43.dll c:\windows\system32\WinIo.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_WINIO -------\Service_WINIO . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))) . . . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-07 00:15 . 2010-09-11 17:27 41184 ----a-w- c:\windows\avastSS.scr 2012-03-07 00:15 . 2009-03-01 18:07 201352 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-07 00:03 . 2011-03-14 13:28 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-07 00:03 . 2009-03-01 18:07 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-07 00:02 . 2009-03-01 18:07 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-03-07 00:01 . 2009-03-01 18:07 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-07 00:01 . 2009-03-01 18:07 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-07 00:01 . 2009-03-01 18:07 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-05 09:37 . 2011-05-22 16:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2009-10-02 17:12 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-13 13:44 . 2012-03-14 16:02 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-02-18 14:10 . 2011-05-02 05:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744] "FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2008-06-05 520192] "LaunchPad"="c:\program files\Launch Pad\LaunchPad.exe" [2008-07-12 2260992] "PowerManager"="c:\program files\Power Manager\PM.exe" [2008-05-22 1675264] "FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712] "Skytel"="Skytel.exe" [2007-11-21 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-17 13531680] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-17 92704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-03-10 35712] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14] . 2011-08-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC_van_winston_winston.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\winston\AppData\Roaming\Mozilla\Firefox\Profiles\zhcbp7di.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q= . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe . . . ************************************************************************** scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(1688) c:\windows\system32\NVSVC.DLL c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . Voltooingstijd: 2012-03-20 20:06:56 - machine werd herstart . Pre-Run: 35.057.459.200 bytes beschikbaar Post-Run: 34.688.045.056 bytes beschikbaar .
  16. heb alles gedaan enziehier log bestand de pc start heel traag op Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:54:28, on 20/03/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Users\winston\Downloads\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F3 - REG:win.ini: load=C:\Users\winston\LOCALS~1\Temp\mstayoepf.pif O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] "C:\Program Files\Hotkey Utility\tray.exe" O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [skytel] "Skytel.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 10037 bytes dank ook voor deze hulp
  17. sorry voor zo laat te antwoorden heb dit allemaal gedaan meer dan 6 uur gescand wel nog malware verwijderd maar F3 - REG:win.ini: load=C:\Users\winston\LOCALS~1\Temp\mstayoepf.pif staat er nog altijd zie hier de log en nogmaals hartelijk dank al voor alles Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:03:13, on 19/03/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Internet Explorer\IELowutil.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\winston\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F3 - REG:win.ini: load=C:\Users\winston\LOCALS~1\Temp\mstayoepf.pif O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] "C:\Program Files\Hotkey Utility\tray.exe" O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [skytel] "Skytel.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 10059 bytes
  18. [h=2][/h] Start de pc op in veilige modus. Start Hijackthis op als administrator. Klik met de rechter muisknop op de icoon en kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Vink alleen de items aan die hieronder zijn genoemd: F3 - REG:win.ini: load=C:\Users\winston\LOCALS~1\Temp\mstayoepf.pif Klik op 'Fix checked' om de items te verwijderen. heb alles gedaan zoals beschreven ,na er opstarten was het er weer zie hier mijn nieuwe log [h=2][/h]Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:01:10, on 18/03/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\winston\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F3 - REG:win.ini: load=C:\Users\winston\LOCALS~1\Temp\mstayoepf.pif O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] "C:\Program Files\Hotkey Utility\tray.exe" O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [skytel] "Skytel.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9933 bytes
  19. dank voor de hulp maar wanneer ik in het register het bestand het bestand wil verwijderen gaat het niet ik heb de pc terug opgestart maar het zit ernog in hierbij terug het log bestand van hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:00:09, on 18/03/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\winston\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F3 - REG:win.ini: load=C:\Users\winston\LOCALS~1\Temp\mstayoepf.pif O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] "C:\Program Files\Hotkey Utility\tray.exe" O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [skytel] "Skytel.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9961 bytes nogmaals al dank
  20. na het opstarten krijg ik nog steeds Kan het bestand C:\users naam\LOCALS~1\Temp\mstayoepf.pif, dat in het register staat vermeld ,niet laden of starten .Controleerd od dit bestand op uw computer of verwijder de verwijzing naar dit bestand uit het register. dank voor het snelle antwoord en hulp arlet
  21. zie hier het log bestand van Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.03.17.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 winston :: PC_VAN_WINSTON [administrator] 17/03/2012 18:57:13 mbam-log-2012-03-17 (18-57-13).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 199881 Verstreken tijd: 7 minuut/minuten, 39 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) de log van Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:10:37, on 17/03/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\notepad.exe C:\Users\winston\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F3 - REG:win.ini: load=C:\Users\winston\LOCALS~1\Temp\mstayoepf.pif O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] "C:\Program Files\Hotkey Utility\tray.exe" O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [skytel] "Skytel.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9936 bytes reeds dank al voor de help
  22. sinds woensdag heb ik bezoek gekregen van van het bundespolizei ik heb al een scan gedaan met Malwarebytes die 3 trojan Ramsom BP heeft verwijderd nadien heb Cclaener er op los gelaten het resultaat is bij het opstraten krijg ik Kan het bestand C:\users naam\LOCALS~1\Temp\mstayoepf.pif, dat in het register staat vermeld ,niet laden of starten .Controleerd od dit bestand op uw computer of verwijder de verwijzing naar dit bestand uit het register. http://www.pc-helpforum.be de pc start wel voort op hieronder mijn hijackthis.log graag hulp aub. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:47:11, on 16/03/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Launch Pad\LaunchPad.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\winston\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Conduit Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) F3 - REG:win.ini: load=C:\Users\winston\LOCALS~1\Temp\mstayoepf.pif O1 - Hosts: ::1 localhost O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file) O3 - Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file) O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [FIC HotKey] "C:\Program Files\Hotkey Utility\tray.exe" O4 - HKLM\..\Run: [LaunchPad] "C:\Program Files\Launch Pad\LaunchPad.exe" O4 - HKLM\..\Run: [PowerManager] "C:\Program Files\Power Manager\PM.exe" O4 - HKLM\..\Run: [FSCRecovery] "c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [skytel] "Skytel.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b622bce72db9) (gupdate1c9b622bce72db9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 10591 bytes dank
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.