Posts made by jaksken
-
Juisterr,
Finally succeeded!!!!!
Here is the log:
HitmanPro 3.7.7.205
www.hitmanpro.com

   Computer name . . . . : JOHANDOUANEPC
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : JOHANDOUANEPC\Administrator
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-09-01 21:02:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 26s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : Yes

   Threats . . . . . . . : 19
   Traces . . . . . . . : 260

   Objects scanned . . . : 364.257
   Files scanned . . . . : 11.533
   Remnants scanned . . : 50.600 files / 302.124 keys

Malware _____________________________________________________________________

   C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5174708565774612091.tmp -> Quarantined
      Size . . . . . . . : 17.651 bytes
      Age . . . . . . . : 0.2 days (2013-09-01 15:08:57)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 7264C9D2C65711EBAA47C99B44A8B8199EA2A5280EA169508FA6D06B4BEF0DED
    > Kaspersky . . . . : HEUR:Exploit.Java.CVE-2012-1723.gen
      Fuzzy . . . . . . : 102.0
      Forensic Cluster
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\0\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\host\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\2\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\4\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\5\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\6\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\7\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\8\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\12\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\13\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\15\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\16\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\17\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\18\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\19\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\20\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\21\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\22\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\23\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\25\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\28\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\29\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\31\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\32\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\34\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\35\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\37\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\39\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\40\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\42\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\48\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\49\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\51\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\52\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\53\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\54\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\55\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\56\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\57\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\58\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\59\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\60\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\61\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\63\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\tmp\
         -1.0s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\muffin\
         0.0s C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5174708565774612091.tmp
         0.3s C:\Documents and Settings\Administrator\Local Settings\Temp\pijkxupsbdnfplkpsfc.exe
         0.8s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\818db98-4809fd60.idx
         0.8s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\818db98-4809fd60
         0.8s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed
         12.9s C:\Documents and Settings\Administrator\Local Settings\Temp\cfspklpfndbspuxkjip.pad
         15.4s C:\Documents and Settings\Administrator\Local Settings\Temp\78657465w3ert.txt
         16.1s C:\Documents and Settings\Administrator\Local Settings\Temp\cfspklpfndbspuxkjip.js

   C:\Documents and Settings\Administrator\Local Settings\Temp\pijkxupsbdnfplkpsfc.exe -> PendingDelete
      Size . . . . . . . : 152.169 bytes
      Age . . . . . . . : 0.2 days (2013-09-01 15:08:57)
      Entropy . . . . . : 6.7
      SHA-256 . . . . . : 5B72660F8C26807F03DCBB124A5B3D4763FDC162968CC1AC1B51B551C9EADA21
      Product . . . . . : Microsoft® .NET Framework
      Publisher . . . . : Microsoft Corporation
      Description . . . : MSBuild.exe
      Version . . . . . : 3.5.30729.4926
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
    > Kaspersky . . . . : Trojan.Win32.Reveton.azb
      Fuzzy . . . . . . : 110.0
      Startup
         C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\cfspklpfndbspuxkjip.lnk
      Forensic Cluster
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\0\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\host\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\2\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\4\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\5\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\6\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\7\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\8\
         -1.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\12\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\13\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\15\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\16\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\17\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\18\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\19\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\20\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\21\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\22\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\23\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\25\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\28\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\29\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\31\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\32\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\34\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\35\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\37\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\39\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\40\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\42\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\48\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\49\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\51\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\52\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\53\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\54\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\55\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\56\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\57\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\58\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\59\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\60\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\61\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\63\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\tmp\
         -1.3s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\muffin\
         -0.3s C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5174708565774612091.tmp
         0.0s C:\Documents and Settings\Administrator\Local Settings\Temp\pijkxupsbdnfplkpsfc.exe
         0.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\818db98-4809fd60.idx
         0.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\818db98-4809fd60
         0.4s C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed
         12.6s C:\Documents and Settings\Administrator\Local Settings\Temp\cfspklpfndbspuxkjip.pad
         15.0s C:\Documents and Settings\Administrator\Local Settings\Temp\78657465w3ert.txt
         15.7s C:\Documents and Settings\Administrator\Local Settings\Temp\cfspklpfndbspuxkjip.js

Potential Unwanted Programs _________________________________________________

   C:\Documents and Settings\sonja\Local Settings\Application Data\AskToolbar\ (AskBar)
   C:\Documents and Settings\sonja\Local Settings\Application Data\AskToolbar\APNU\ (AskBar)
   C:\Documents and Settings\sonja\Local Settings\Application Data\AskToolbar\APNU\config.xml (AskBar)
   C:\Documents and Settings\sonja\Local Settings\Application Data\AskToolbar\cache.dat (AskBar)
   C:\Documents and Settings\sonja\Local Settings\Application Data\AskToolbar\config.xml (AskBar)
   C:\Documents and Settings\sonja\Local Settings\Application Data\AskToolbar\osearch.xml (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Classes\s\ (Softonic)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   HKU\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Ask.com\ (AskBar)
   HKU\S-1-5-21-1606980848-1078145449-1417001333-500\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________

   C:\Documents and Settings\Administrator\Cookies\FP8VOUR0.txt
   C:\Documents and Settings\Administrator\Cookies\UN7V3XSE.txt
   C:\Documents and Settings\Administrator\Cookies\ZR0T9NJ8.txt
grts
-
Juisterr,
Unbelievable, but the police virus is back; it was probably not completely removed. I try to start anti-malware, but the virus screen beats me to it every time. Booting into safe mode doesn't work either!!
What now??
grts
-
Second attempt, hopefully complete this time.
grts
Zoek.exe Version 4.0.0.4 Updated 31-08-2013
Tool run by Administrator on zo 01/09/2013 at 14:51:02,65.
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrator\Bureaublad\zoek.com [Quick Scan] [Auto Clean]
==== Suspicious Entries Found ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\Documents and Settings\Administrator\IECompatCache" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
2013-08-24 08:32:36 B04EDA6509FF1196F8F796D6B9377C4D 17139080 ----a-w- C:\WINDOWS\System32\FlashPlayerInstaller.exe
====== C:\WINDOWS\system32\drivers =====
2013-08-31 08:42:46 311C5A8D894563CD2712CD297A34FAFB 37664 ----a-w- C:\WINDOWS\System32\drivers\avgtpx86.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-08-31 08:57:38 -------- d-----w- C:\Program Files\WinZip
2013-08-31 08:42:23 -------- d-----w- C:\Program Files\Common Files\AVG Secure Search
2013-08-31 08:42:18 -------- d-----w- C:\Program Files\AVG Secure Search
2013-08-30 10:42:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
======= C: =====
====== C:\Documents and Settings\Administrator\Application Data ======
2013-08-31 08:59:02 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinZip
2013-08-31 08:58:08 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\WinZip
2013-08-31 08:57:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\WinZip
2013-08-31 08:43:37 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
2013-08-31 08:43:02 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
2013-08-31 08:42:25 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2013-08-30 11:24:41 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-08-30 10:42:33 -------- d-----w- C:\Documents and Settings\sonja\Application Data\SUPERAntiSpyware.com
2013-08-30 10:42:28 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programs\SUPERAntiSpyware
2013-08-30 10:42:28 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programs
2013-08-30 10:42:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-08-30 09:37:42 -------- d-----w- C:\Documents and Settings\sonja\Application Data\TuneUp Software
2013-08-30 08:54:51 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\FilesFrog Update Checker
====== C:\Documents and Settings\Administrator ======
2013-08-31 08:52:57 5EAA3CDD4010BE07B496F7B1428FE88E 424360 ----a-w- C:\Documents and Settings\Administrator\Bureaublad\WinZip175_multi.exe
2013-08-30 12:26:24 -------- d--h--r- C:\Documents and Settings\Administrator\Onlangs geopend
====== C: exe-files ==
2013-09-01 12:32:51 45A9FAC90CA8F263F6DB2EBDC4A9F002 641200 ----a-w- C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\15.5.0\DriverInstaller.exe
2013-09-01 12:32:49 E962D9F3AF9C09DE15D3944D1B1278CC 2301616 ----a-w- C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0\ScriptHelper.exe
2013-09-01 12:32:46 EB94A2C1F99E9E1634683B916F4EB1A2 1643184 ----a-w- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
2013-09-01 12:32:42 EB94A2C1F99E9E1634683B916F4EB1A2 1643184 ----a-w- C:\WINDOWS\Temp\avg_a02076\CommonFiles\AVG Secure Search\ToolbarUpdater.exe
2013-09-01 12:32:42 E962D9F3AF9C09DE15D3944D1B1278CC 2301616 ----a-w- C:\WINDOWS\Temp\avg_a02076\CommonFiles\AVG Secure Search\ScriptHelper.exe
2013-09-01 12:32:42 E25D3E9D7822C42EF7518EFEB2F3E275 147120 ----a-w- C:\WINDOWS\Temp\avg_a02076\CommonFiles\AVG Secure Search\DriverInstaller_64.exe
2013-09-01 12:32:42 B6FFA8C9B553336D4CE86514A54C408A 926384 ----a-w- C:\WINDOWS\Temp\avg_a02076\ProgFiles\AVG Secure Search\lip.exe
2013-09-01 12:32:42 752A2976E3096D2055F8A97C7B97DF80 1851568 ----a-w- C:\WINDOWS\Temp\avg_a02076\ProgFiles\AVG Secure Search\Uninstall.exe
2013-09-01 12:32:42 491C1E48B638907B8FD8EF8B09AC084E 2314416 ----a-w- C:\WINDOWS\Temp\avg_a02076\ProgFiles\AVG Secure Search\vprot.exe
2013-09-01 12:32:42 45A9FAC90CA8F263F6DB2EBDC4A9F002 641200 ----a-w- C:\WINDOWS\Temp\avg_a02076\CommonFiles\AVG Secure Search\DriverInstaller.exe
2013-09-01 12:32:42 2C1B0965CB65797001053D8956F9CD54 2226864 ----a-w- C:\WINDOWS\Temp\avg_a02076\avg-secure-search-installer.exe
2013-09-01 12:32:42 178C1607D35988153A0E7CBB90C669FC 642224 ----a-w- C:\WINDOWS\Temp\avg_a02076\ProgFiles\AVG Secure Search\PostInstall.exe
2013-09-01 12:32:42 01A17E294876ECB573AD32530961F29B 573616 ----a-w- C:\WINDOWS\Temp\avg_a02076\ConfigFiles\MachineIdCreator.exe
2013-09-01 12:32:39 A8893D3F119C8143B2FC53F5CF21EE01 4547608 ----a-w- C:\WINDOWS\Temp\{E8343CD1-5E4D-4FF1-8502-48738007084B}.exe
2013-08-31 08:52:57 5EAA3CDD4010BE07B496F7B1428FE88E 424360 ----a-w- C:\Documents and Settings\Administrator\Bureaublad\WinZip175_multi.exe
2013-08-31 08:42:46 B387C48CDDB2CC5A9D0D9BBCCBFC50D8 640176 ----a-w- C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\15.4.0\DriverInstaller.exe
2013-08-31 08:42:33 948909A99D9F9F5063128994B3B3D8B0 2267824 ----a-w- C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.4.0\ScriptHelper.exe
2013-08-31 08:42:24 8754BA5FCC85325C229ADCB72087706E 1616048 ----a-w- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
2013-08-31 08:42:18 B6FFA8C9B553336D4CE86514A54C408A 926384 ----a-w- C:\Program Files\AVG Secure Search\lip.exe
2013-08-31 08:42:18 752A2976E3096D2055F8A97C7B97DF80 1851568 ----a-w- C:\Program Files\AVG Secure Search\Uninstall.exe
2013-08-31 08:42:18 491C1E48B638907B8FD8EF8B09AC084E 2314416 ----a-w- C:\Program Files\AVG Secure Search\vprot.exe
2013-08-31 08:42:18 178C1607D35988153A0E7CBB90C669FC 642224 ----a-w- C:\Program Files\AVG Secure Search\PostInstall.exe
2013-08-30 10:44:49 592EDC5CC76B4B8CE2D9D9FB97E21B25 34513760 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\29.0.1547.62\29.0.1547.62_chrome_installer.exe
2013-08-30 08:16:16 9F96249A7823C7C2B9E0B6D46A77CAE6 15920 ----a-w- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgrdtestx.exe
2013-08-30 08:16:16 7DDB04EFCA15BEE73286D67270894303 44080 ----a-w- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avguirux.exe
2013-08-30 08:16:16 5A2F938939EAAD5B3328867D57F21ABE 7648648 ----a-w- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe
2013-08-30 08:16:14 E6FED737854FF6D1A4FB2486753CFEA2 278064 ----a-w- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgrunasx.exe
2013-08-30 08:16:14 69D812B395637F8FCFEA7C7CC1660AE1 628272 ----a-w- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgntdumpx.exe
2013-08-30 08:16:14 039C9A504E58A0B97C653BD237B200B0 16944 ----a-w- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgrdtesta.exe
2013-08-29 11:05:46 D6E84508BBE50BBEEFAF02C865A96836 1070672 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe
2013-08-29 11:05:24 42D0D34CAA293C83B4433A537DF13895 530912 ----a-w- C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4413.1752\GoogleToolbarInstaller_updater_signed.exe
2013-08-28 19:27:20 ABD932A233B861AEE91E01C0665117EA 1260032 ----a-w- C:\RECYCLER\S-1-5-21-1606980848-1078145449-1417001333-500\Dc4.exe
=== C: other files ==
2013-09-01 12:49:34 D7B842F8E99848C71BEFB062B9B22070 3754639 ----a-w- C:\RECYCLER\S-1-5-21-1606980848-1078145449-1417001333-500\Dc2.zip
2013-09-01 12:32:42 E647C4315F36756DF5FA38BDEB51F224 45856 ----a-w- C:\WINDOWS\Temp\avg_a02076\CommonFiles\AVG Secure Search\avgtpx64.sys
2013-09-01 12:32:42 311C5A8D894563CD2712CD297A34FAFB 37664 ----a-w- C:\WINDOWS\Temp\avg_a02076\CommonFiles\AVG Secure Search\avgtpx86.sys
2013-09-01 12:32:41 8A196063A0F0305A8A05CCEC1AF746C3 257167 ----a-w- C:\WINDOWS\Temp\avg_a02076\ProgData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx
2013-09-01 12:32:41 567B5EC265B26994AFB11DB13F53B07A 147960 ----a-w- C:\WINDOWS\Temp\avg_a02076\ProgFiles\AVG Secure Search\data.zip
2013-08-31 08:42:46 311C5A8D894563CD2712CD297A34FAFB 37664 ----a-w- C:\WINDOWS\system32\drivers\avgtpx86.sys
2013-08-31 08:42:18 567B5EC265B26994AFB11DB13F53B07A 147960 ----a-w- C:\Program Files\AVG Secure Search\data.zip
2013-08-31 08:31:11 72D58B0C0A1E97C82471B3BD8AB6A1BE 3754054 ----a-w- C:\RECYCLER\S-1-5-21-1606980848-1078145449-1417001333-500\Dc1.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
[HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"SDP"="C:\Documents and Settings\Administrator\Local Settings\Application Data\FilesFrog Update Checker\update_checker.exe /auto "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"
"beidsccertprop"="C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe"
"vProt"="C:\Program Files\AVG Secure Search\vprot.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"SDP"="C:\Documents and Settings\Administrator\Local Settings\Application Data\FilesFrog Update Checker\update_checker.exe /auto "
==== Startup Folders ======================
2013-08-29 10:47:28 873 ----a-w- C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\muitjtyfrtncqqmlmlh.lnk
2013-08-31 08:58:07 1713 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24/08/2013 10:32]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/03/2012 16:29]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/03/2012 16:29]
==== Chrome Look ======================
AVG Do Not Track - Administrator - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Docs - sonja - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - sonja - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - sonja - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - sonja - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Card number - sonja - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - sonja - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
{8D05A321-7A90-468A-8ADE-DE6591161F12} Google Url="{searchTerms} - Google Search"
{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="Zoek"
==== Empty IE Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\liesbet\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\sonja\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\sonja\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\sonja\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on zo 01/09/2013 at 15:01:39,34 ======================
-
Hello,
Here is the log,
Kind regards
Zoek.exe Version 4.0.0.4 Updated 30-08-2013
Tool run by Administrator on za 31/08/2013 at 11:01:07,70.
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrator\Local Settings\Temp\wz122f\zoek.exe [script inserted]
==== System Restore Info ======================
Failed to create System Restore Point
==== Safe Boot Check ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
Value AlternateShell is missing
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot]
Value AlternateShell is missing
==== Suspicious Entries Found ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9FAE1FB8-E71B-4242-8567-21D73E5B4169} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1606980848-1078145449-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot]
"AlternateShell"="cmd.exe"
==== Deleting Files \ Folders ======================
"C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml" deleted
"C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job" deleted
"C:\Documents and Settings\All Users\Application Data\036E18F82B17D9798162B5677B07D287\036E18F82B17D9798162B5677B07D287" deleted
"C:\Documents and Settings\All Users\Application Data\036E18F82B17D9798162B5677B07D287\036E18F82B17D9798162B5677B07D287.ico" deleted
"C:\Program Files\Ask.com\Updater\Updater.exe" deleted
"C:\Documents and Settings\All Users\Application Data\036E18F82B17D9798162B5677B07D287" deleted
"C:\Program Files\Ask.com" not deleted
"C:\Documents and Settings\Administrator\IECompatCache" deleted
"C:\Documents and Settings\All Users\Application Data\Ask" deleted
"C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar" deleted
"C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted
"C:\Program Files\Ask.com\Updater" not deleted
==== Files Recently Created / Modified ======================
-
Hello,
After removing the police virus and restarting the PC, my icons disappear from the desktop.
Would it be possible to take a look at the following log?
Thanks in advance,
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:51:50, on 30/08/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [beidsccertprop] C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [sDP] C:\Documents and Settings\Administrator\Local Settings\Application Data\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-21-1606980848-1078145449-1417001333-500\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-1606980848-1078145449-1417001333-500 Startup: muitjtyfrtncqqmlmlh.lnk = C:\WINDOWS\system32\rundll32.exe (User '?')
O4 - Startup: muitjtyfrtncqqmlmlh.lnk = C:\WINDOWS\system32\rundll32.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 7567 bytes
-
Kape,
No, no more advertising via those links, thanks in advance!!
I will get back in touch about upgrading Internet Explorer 9.
Regards
Jaksken
-
Kape, here is the requested log,
Kind regards,
# AdwCleaner v2.114 - Verslag gemaakt op 12/03/2013 om 19:10:31
# Geactualiseerd op 05/03/2013 door Xplode
# Besturingssysteem : Windows Vista Home Premium Service Pack 2 (32 bits)
# Gebruiker : johan - LAPTOPJOHAN
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AR3IH5JA\2-adwcleaner[1].exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
Map Verwijdert : C:\Program Files\AVG Secure Search
Map Verwijdert : C:\Program Files\SaveByclick
Map Verwijdert : C:\ProgramData\AVG Secure Search
Map Verwijdert : C:\Users\johan\AppData\Local\AVG Secure Search
Map Verwijdert : C:\Users\johan\AppData\LocalLow\AVG Secure Search
Verwijdert bij het opstarten : C:\Program Files\Common Files\AVG Secure Search
Verwijdert bij het opstarten : C:\ProgramData\BetterSoft
***** [Register] *****
Sleutel Verwijdert : HKCU\Software\AVG Secure Search
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\Software\AVG Secure Search
Sleutel Verwijdert : HKLM\Software\AVG Security Toolbar
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\S
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
***** [browsers] *****
-\\ Internet Explorer v8.0.6001.19154
[OK] Het register bevat geen enkele ongeoorloofde invoer.
-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]
File : C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] De file bevat geen enkele ongeoorloofde invoer.
File : C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[s1].txt - [8658 octets] - [11/03/2013 09:47:57]
AdwCleaner[s2].txt - [5115 octets] - [12/03/2013 19:10:31]
########## EOF - C:\AdwCleaner[s2].txt - [5175 octets] ##########
- - - Updated - - -
Results of screen317's Security Check version 0.99.61
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versie 1.70.0.1100
CCleaner
Java 7 Update 17
Java 6 Update 7
Java SE Development Kit 7 Update 17
Adobe Flash Player 11.6.602.171
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.46
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
-
Kape,
I cannot remove Java 5 Update 7; I get an error message.
I also have problems upgrading to Internet Explorer IE9, also an error message.
The logs follow,
Thanks in advance
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:30:03, on 12/03/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IELowutil.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Error Recovery Guide.lnk = C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: EgisTec Service (IGBASVC) - Unknown owner - C:\Program Files\EgisTec\VITAKEY\BASVC.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
--
End of file - 11962 bytes
Results of screen317's Security Check version 0.99.61
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versie 1.70.0.1100
CCleaner
Java 7 Update 17
Java 6 Update 7
Java SE Development Kit 7 Update 17
Adobe Flash Player 11.6.602.171
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.46
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro HiJackThis HiJackThis.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
-
Kape,
Here are the logs,
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:29:18, on 11/03/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\WinZip\zipsendservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Error Recovery Guide.lnk = C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: EgisTec Service (IGBASVC) - Unknown owner - C:\Program Files\EgisTec\VITAKEY\BASVC.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
--
End of file - 12515 bytes
Results of screen317's Security Check version 0.99.61
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versie 1.70.0.1100
CCleaner
Java 7 Update 17
Java 6 Update 7
Java SE Development Kit 7 Update 17
Adobe Flash Player 11.6.602.171
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.46
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro HiJackThis HiJackThis.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Kind regards
-
Kape,
here is my Security Check log,
Results of screen317's Security Check version 0.99.61
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versie 1.70.0.1100
CCleaner
Java 6 Update 7
Java version out of Date!
Adobe Flash Player 11.6.602.171
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.46
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Regards
-
Hello,
I am also having trouble with underlined words that link through to advertisements.
I scanned with HijackThis v2.0.4 and the log follows.
Would it be possible to check this? Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:12:31, on 10/03/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\msfeedssync.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: SaveByclick - {5F9D376D-EF66-3A1D-6B3C-0204D24A2247} - C:\ProgramData\SaveByclick\50fe7ee4be215.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; BTRS124342; GTB7.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2)
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Error Recovery Guide.lnk = C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll c:\progra~1\saveby~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: EgisTec Service (IGBASVC) - Unknown owner - C:\Program Files\EgisTec\VITAKEY\BASVC.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
--
End of file - 11954 bytes
Jaksken
-
Thanks, leolassie!
-
Hello,
I have an old PC that I want to use as a backup. There are two versions of Windows XP on the PC: one that I can no longer open, and a second one, XP Home Edition Version 2002 Service Pack 1.
How can I clean my hard disk completely and install a new version of Windows XP? At the moment my hard disk is split into two parts: drive C: 39GB and D: 35GB. Is it possible to undo this?
All old files may be erased.
Which steps do I need to take to:
- undo the split of my hard disk
- delete everything and reinstall XP. I have the original CD of Windows XP Home Edition and Windows Vista Home Premium SP1.
Thanks in advance for the help!
Regards
-
No more problems at the moment; in any case, thanks for the reply.
Kind regards
Jaksken
-
Hello,
I just got the police virus on my PC.
I have already been able to boot up again, but I would like you to check the following HijackThis log.
Thanks in advance
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:37, on 26/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge - DE Belgische portaalsite!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [beidsccertprop] C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
--
End of file - 7345 bytes
Regards
-
Isn't this identical to your last suggestion?
Regards
-
Sorry, but Windows won't start, not even in safe mode. I keep getting the same message: Windows kan niet worden opgestart vanwege een fout in de software.
Meld dit probleem als:
de benodigde DLL-bestanden voor de kernel laden.
Neem contact op met de leverancier over dit probleem.
Regards
-
Dear stegisoft,
I carried out the following steps:
- Insert the Windows XP CD-ROM into the CD drive and restart the computer. If prompted, select the options required to boot from the CD. OK
- When the text-based part of Setup begins, follow the prompts. Select the repair option by pressing R. OK
- If the computer offers a choice of two or more operating systems at startup, select the installation that you want to access from the Recovery Console. OK
- Type the administrator password when prompted. OK, no password has been set.
- Type 'recovery console commands' at the command prompt and then refer to the commands listed in the section 'Available commands in the Windows Recovery Console'. Here I get the message: De opdracht wordt niet herkend. Typ HELP voor een Lijst met ondersteunende opdrachten. Can you help me further?
Thanks in advance!
Regards
-
Hello,
When starting Windows XP Home Edition I get the following message:
Windows kan niet worden opgestart vanwege een fout in de software.
Meld dit probleem als:
de benodigde DLL-bestanden voor de kernel laden.
Neem contact op met de leverancier over dit probleem.
How can this be fixed?
Thanks in advance!
-
Dear Kape,
No, no more messages, so I think I can report my problem as solved!
Many thanks
-
Hello,
MBAM log
Malwarebytes Anti-Malware 1.62.0.1300
Databaseversie: v2012.08.11.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: JOHANDOUANEPC [administrator]
11/08/2012 14:50:51
mbam-log-2012-08-11 (14-50-51).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 216408
Verstreken tijd: 5 minuut/minuten, 7 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:\Documents and Settings\Administrator\Application Data\msconfig.dat (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
Hijack Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:14:29, on 11/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge - DE Belgische portaalsite!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [beidsccertprop] C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
--
End of file - 6906 bytes
Regards
-
Hello,
I have also become a victim of the police virus.
I followed the instructions in previous discussions, so here is my HijackThis log.
Can you help? Thanks in advance!!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:02:00, on 10/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge - DE Belgische portaalsite!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [beidsccertprop] C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
--
End of file - 7086 bytes
-
I have tried all of the options above, but I still keep getting the same message.
KB2647516: Cumulatieve beveiligingsupdate voor Internet Explorer 8 voor Windows Vista
Installatiedatum: 9/04/2012 18:27
Installatiestatus: mislukt
Foutdetails: Code 800719E4
Type update: belangrijk
Er is een beveiligingsprobleem vastgesteld waardoor een kwaadwillende gebruiker een systeem waarop Microsoft internet Explorer wordt uitgevoerd, kan beschadigen en controle over het systeem kan krijgen. Installeer deze update van Microsoft om uw computer hiertegen te beveiligen. Wanneer u deze update hebt geïnstalleerd, moet u de computer mogelijk opnieuw opstarten.
Meer informatie:
Help en ondersteuning:
Regards
-
Hello,
The following update keeps failing, and I get the message “kan updates niet configureren”
KB2647516: Cumulatieve beveiligingsupdate voor Internet Explorer 8 voor Windows Vista
Laatste installatiedatum: 09/04/2012 16:30
Installatiestatus: mislukt
Foutdetails: Code 800719E4
How can I solve this?
Thanks in advance
Problems after removing the police virus
in Archief Bestrijding malware & virussen
Posted:
Phew! Solved! In any case, many thanks for the quick answers.