Karl D

Posts made by Karl D

  1. I notice that a program starts up automatically.

    But it is in Chinese characters, so I can't make anything of it.

    Already tried CCleaner and Malwarebytes, without result.

    Disabling or removing the program doesn't work either. -> access denied.

    Via Task Manager and Resource Monitor I see the following listed

    - BaiduSdSvc.exe

    - BaiduSdTray.exe

    - BaiduHips.exe

    - BaiduSdUProxy64.exe

    Each with Chinese characters in the description. See attachment.

    Tips for dealing with this would be appreciated.

    Furthermore, it turns out that standard programs are no longer present via Start / All Programs.

    Office etc.

    Chinese tekens.docx

  2. Hello,

    A big difference.

    No more advertising nuisance.

    The machine can be used normally again.

    The biggest - visible - difference came after the reset of Chrome.

    Thanks for the assistance.

    A few more questions.

    The machine takes about 5 minutes to start up.

    Is this normal? Can this be improved? Is this the right place to deal with this?

    Do I leave Malwarebytes running?

    It starts up automatically.

    Are there any other freely available systems that can be recommended?

    Karl.

  3. Pages are still opening continuously.

    Both full pages and smaller windows that unfold. With and without an "X" button.

    Even a web page that is in use is sometimes replaced by an advertising page.

    For info: I see "qualitink" in the border.

    And in the Google search results the "Buzzdock ads" come first.

    Furthermore, the machine is slow to start up.

    On (re)starting, everything seems to go smoothly. But then there is a black screen for 30 sec to 1 min before it continues starting up.

  4. BullGuard and 3 Javas have been removed

    CCleaner run

    Here is the E-Peek log

    E-Peek v 1.0.5.5 © Emphyrio/Onsia Patrick 2013-2014

    Downloaded @ E Dev

    Run at di 11 nov 2014 14:33

    .

    Windows 7 Home Premium SP 1 (64 bits)

    C:\Windows [NTFS - Fixed]

    Default Browser: Google Chrome

    Boot mode: Normal boot

    User logged in: Wout

    .

    Java x86: n/a

    Java x64: n/a

    .

    AV : Norton Internet Security [updated - Not Running]

    AS : Norton Internet Security [updated - Running]

    AS : Windows Defender [updated - Not Running]

    FW : FW : Norton Internet Security [updated - Not Running]

    .

    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    09/11/2014 ##### r-h-s-d+a- C:\rsit

    09/11/2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes

    09/11/2014 ##### r-h-s-d+a- C:\Program Files\trend micro

    09/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware

    09/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev

    09/11/2014 ##### r-h-s-d+a- C:\AdwCleaner

    Files Modified Last 7 days :

    11/11/2014 00018928 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    11/11/2014 00018928 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    11/11/2014 00000018 r-h-s-d-a+ C:\Windows\SysWOW64\log.txt

    05/11/2014 01672576 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI

    05/11/2014 00746466 r-h-s-d-a+ C:\Windows\system32\perfh013.dat

    05/11/2014 00654932 r-h-s-d-a+ C:\Windows\system32\perfh009.dat

    05/11/2014 00154128 r-h-s-d-a+ C:\Windows\system32\perfc013.dat

    05/11/2014 00122546 r-h-s-d-a+ C:\Windows\system32\perfc009.dat

    Files Created Last 7 days :

    09/11/2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    ==================== RUNNING PROCESSES =========================================

    [AppleMobileDeviceService] -SYSTEM- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)

    [CCleaner64] -Wout- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)

    [chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

    [chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

    [chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

    [chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

    [chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

    [csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)

    [csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)

    [CVHSVC] -SYSTEM- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE - (Microsoft Corporation)

    [daemonu] -UpdatusUser- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe - (NVIDIA Corporation)

    [Dropbox] -Wout- C:\Users\Wout\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)

    [dwm] -Wout- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)

    [E-Peek 1.0.5] -Wout- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)

    [explorer] -Wout- C:\Windows\Explorer.EXE - (Microsoft Corporation)

    [hkcmd] -Wout- C:\Windows\System32\hkcmd.exe - (Intel Corporation)

    [iAStorDataMgrSvc] -SYSTEM- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)

    [igfxpers] -Wout- C:\Windows\System32\igfxpers.exe - (Intel Corporation)

    [igfxtray] -Wout- C:\Windows\System32\igfxtray.exe - (Intel Corporation)

    [iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.)

    [iTunesHelper] -Wout- C:\Program Files (x86)\iTunes\iTunesHelper.exe - (Apple Inc.)

    [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe - (Intel Corporation)

    [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)

    [lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)

    [lxeacoms] -SYSTEM- C:\Windows\system32\lxeacoms.exe - ( )

    [lxeaserv] -SYSTEM- C:\Windows\system32\spool\DRIVERS\x64\3\lxeaserv.exe - (Lexmark International, Inc.)

    [mbam] -Wout- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)

    [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)

    [mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)

    [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)

    [nis] -SYSTEM- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe - (Symantec Corporation)

    [nis] -Wout- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe - (Symantec Corporation)

    [nvSCPAPISvr] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - (NVIDIA Corporation)

    [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)

    [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)

    [officeclicktorun] -SYSTEM- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe - (Microsoft Corporation)

    [PsiService_2] -SYSTEM- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe - (Protexis Inc.)

    [RichVideo] -SYSTEM- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe - ()

    [searchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)

    [searchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)

    [searchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)

    [services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)

    [sftlist] -SYSTEM- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe - (Microsoft Corporation)

    [sftvsa] -SYSTEM- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe - (Microsoft Corporation)

    [sidebar] -Wout- C:\Program Files\Windows Sidebar\sidebar.exe - (Microsoft Corporation)

    [smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)

    [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)

    [taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)

    [taskeng] -Wout- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)

    [taskhost] -Wout- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)

    [uNS] -SYSTEM- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe - (Intel Corporation)

    [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)

    [winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)

    [WLIDSVC] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - (Microsoft Corp.)

    [WLIDSVCM] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - (Microsoft Corp.)

    [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)

    [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

    ==================== IE PAGES ==================================================

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.com

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.aldi.com

    IE04 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

    IE04 - HKCU\..\SearchScopes {902821CA-6D75-4626-92F4-EFF8276E55FA} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

    IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    IE10 - HKLM\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE12 - HKLM\..\Toolbar{1017A80C-6F09-4548-A84D-EDD6AC9525F0} @ Default = C:\Program Files\Lexmark Toolbar\toolband.dll

    IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    IE12 - HKLM\..\Toolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll

    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.com

    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm

    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.aldi.com

    IE04 x64 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    IE04 x64 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

    IE04 x64 - HKCU\..\SearchScopes {902821CA-6D75-4626-92F4-EFF8276E55FA} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

    IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    IE10 x64 - HKLM\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    IE12 - HKLM\..\Toolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll

    ==================== Auto Load =================================================

    AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,

    AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

    AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,

    AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

    ==================== Google Chrome =============================================

    GC - Prefpath: C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Preferences

    GC - Profile Name: Eerste gebruiker

    GC - Homepage:

    GC - Default Search Provider:

    = Known Disabled Extensions =

    ==================== Windows Host File =========================================

    ==================== BHO =======================================================

    BHO - [MSS+ Identifier] - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} @ Default = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

    BHO - [Lexmark Werkbalk] - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} @ Default = C:\Program Files\Lexmark Toolbar\toolband.dll

    BHO - [Adobe PDF Link Helper] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} @ Default = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

    BHO - [Norton Identity Protection] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll

    BHO - [Norton Vulnerability Protection] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL

    BHO - [Aanmeldhulp voor Windows Live ID] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO - [Windows Live Messenger Companion Helper] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} @ Default = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL

    BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL

    BHO - [Lexmark ] - {D2C5E510-BE6D-42CC-9F61-E4F939078474} @ Default = C:\Program Files\Lexmark Printable Web\bho.dll

    BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

    BHO x64 - [Norton Identity Protection] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll

    BHO x64 - [Windows Live ID Sign-in Helper] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO x64 - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    BHO x64 - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

    BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

    ==================== Auto Start Programs =======================================

    ASP01 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    ASP04 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    ASP04 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    ASP01 x64 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    ASP04 x64 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    ASP04 x64 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    ASP - Startup - C:\Users\Wout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    ASP - Startup - C:\Users\Wout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    ==================== Extra Items IE ============================================

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    EI04 - App Ext - HKCU\..\Approved Extensions @ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {11111111-1111-1111-1111-110511131190} =

    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {30F9B915-B755-4826-820B-08FBA6BD249D} =

    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {A40DC6C5-79D0-4CA8-A185-8FF989AF1115} =

    ==================== Internet Default Prefix ===================================

    IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://

    IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

    IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://

    IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

    ==================== Default Settings IE - DSIE ================================

    DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId

    DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

    ==================== Protocol Hijackers - PH ===================================

    PH00 - Handler:osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL # MD5 [405251ed82d69e5893f1e7e923b7f38b]

    PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [31d70e22e0e929e2a1279f51245624cc]

    ==================== ShellServiceObjectDelayLoad - SSODL =======================

    SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

    SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

    ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

    EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Avg

    EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft

    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll

    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

    EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Avg

    EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft

    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll

    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe

    SERV - R2 - [bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe

    SERV - R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe

    SERV - R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe

    SERV - R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe

    SERV - R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe

    SERV - R2 - [lxeaCATSCustConnectService] - lxeaCATSCustConnectService - c:\windows\system32\spool\drivers\x64\3\\lxeaserv.exe

    SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe

    SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe

    SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe

    SERV - R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe

    SERV - R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe

    SERV - R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe

    SERV - R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe

    SERV - R2 - [stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe

    SERV - R2 - [uNS] - Intel® Management & Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe

    SERV - R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe

    SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

    SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe

    SERV - R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe

    SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

    SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe

    SERV - S2 - [gupdate] - Google Updateservice (gupdate) - c:\program files (x86)\google\update\googleupdate.exe

    SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe

    SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe

    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

    SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

    SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

    SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe

    SERV - S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe

    SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe

    SERV - S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe

    SERV - S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe

    SERV - S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.8.150\mcchsvc.exe

    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

    SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

    SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe

    SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe

    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe

    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

    SERV - S3 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

    SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

    SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

    SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe

    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe

    SERV - S3 - [WisLMSvc] - WisLMSvc - c:\program files (x86)\launch manager\wislmsvc.exe

    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

    SERV - S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

    SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

    SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

    *** Win32ShareProcess ***

    SERV - R2 - [samSs] - Security Accounts Manager - c:\windows\system32\lsass.exe

    SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe

    SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe

    SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe

    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe

    SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe

    SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe

    SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [lxea_device] - lxea_device - c:\windows\system32\lxeacoms.exe

    SERV - R2 - [spooler] - Print Spooler - c:\windows\system32\spoolsv.exe

    SERV - S3 - [uI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys

    DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys

    DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys

    DRV - R0 - [symEFA] - Symantec Extended File Attributes - C:\Windows\system32\Drivers\SymEFA.sys [x]

    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys

    DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys

    DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys

    DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys

    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]

    DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys

    DRV - R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys

    DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys

    DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys

    DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys

    DRV - R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys

    DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys

    DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys

    DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys

    DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys

    DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys

    DRV - R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys

    DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys

    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys

    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys

    DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys

    DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys

    DRV - R0 - [symDS] - Symantec Data Store - C:\Windows\system32\Drivers\SymDS.sys [x]

    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys

    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys

    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys

    DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys

    DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys

    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys

    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys

    DRV - R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys

    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys

    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

    DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

    ==================== SvcHost - White Listed ====================================

    All Ok

    WOW - All Ok

    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks =================================================

    There are no .job files found.

    ==================== End scanning at di 11 nov 2014 14:33 (0 Min 30 Sec ) ======

  5. Next attempt..

    I went through the 3 steps again (MBAM, ADW and E-Peek).

    Reinstalled, etc.

    Only with E-Peek was it not possible to remove the previous program via the Uninstall, as described in the instructions.

    Results below. Attaching files is no longer possible as it was before.

    Thanks in advance for the help.

    Malwarebytes Anti-Malware

    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scandatum: 11/11/2014

    Scantijd: 10:49:36

    Logbestand: mbamlog_6.txt

    Beheerder: Ja

    Versie: 2.00.3.1025

    Malwaredatabase: v2014.11.11.03

    Rootkitdatabase: v2014.11.10.01

    Licentie: Proef

    Malwarebescherming: Ingeschakeld

    Kwaadaardige Website Bescherming: Ingeschakeld

    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1

    Processor: x64

    Bestandssysteem: NTFS

    Gebruiker: Wout

    Scantype: Bedreigingsscan

    Resultaat: Voltooid

    Objecten Gescand: 365832

    Verstreken Tijd: 29 m, 25 s

    Geheugen: Ingeschakeld

    Opstarten: Ingeschakeld

    Bestandssysteem: Ingeschakeld

    Archieven: Ingeschakeld

    Rootkits: Uitgeschakeld

    Heuristiek: Ingeschakeld

    POP: Ingeschakeld

    POA: Ingeschakeld

    Processen: 0

    (Geen kwaadaardige items gedetecteerd)

    Modules: 0

    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 1

    PUP.Optional.Qualitink.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update qualitink, In Quarantaine, [c3bc49f199e384b2315ea3f69c680df3],

    Registerwaardes: 0

    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0

    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0

    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0

    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0

    (Geen kwaadaardige items gedetecteerd)

    (end)

    # AdwCleaner v4.101 - Rapport aangemaakt 11/11/2014 op 11:42:03

    # Laatste Update 09/11/2014 door Xplode

    # Database : 2014-11-10.9 [Live]

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Gebruikersnaam : Wout - WOUT-PC

    # Gestart vanuit : C:\Users\Wout\Downloads\adwcleaner_4.101.exe

    # Optie : Verwijderen

    ***** [ Services ] *****

    ***** [ Bestanden / Mappen ] *****

    Bestand Verwijderd : C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

    Bestand Verwijderd : C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

    ***** [ Taken ] *****

    ***** [ Snelkoppelingen ] *****

    ***** [ Register ] *****

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344

    -\\ Google Chrome v38.0.2125.111

    *************************

    AdwCleaner[R0].txt - [38434 octets] - [09/11/2014 11:29:03]

    AdwCleaner[R1].txt - [3118 octets] - [09/11/2014 16:11:03]

    AdwCleaner[R2].txt - [1289 octets] - [11/11/2014 11:40:10]

    AdwCleaner[s0].txt - [35669 octets] - [09/11/2014 11:32:23]

    AdwCleaner[s1].txt - [3203 octets] - [09/11/2014 16:12:51]

    AdwCleaner[s2].txt - [1217 octets] - [11/11/2014 11:42:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1277 octets] ##########

    E-Peek v 1.0.5.5 © Emphyrio/Onsia Patrick 2013-2014

    Downloaded @ E Dev

    Run at di 11 nov 2014 11:58

    .

    Windows 7 Home Premium SP 1 (64 bits)

    C:\Windows [NTFS - Fixed]

    Default Browser: Google Chrome

    Boot mode: Normal boot

    User logged in: Wout

    .

    Java x86: 1.6.0_26

    Java x64: 1.6.0_22

    .

    AV : Norton Internet Security [updated - Not Running]

    AV : BullGuard Antivirus [updated - Not Running]

    AS : Norton Internet Security [updated - Running]

    AS : BullGuard Antispyware [updated - Not Running]

    AS : Windows Defender [updated - Not Running]

    FW : FW : Norton Internet Security [updated - Not Running]

    .

    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    09/11/2014 ##### r-h-s-d+a- C:\rsit

    09/11/2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes

    09/11/2014 ##### r-h-s-d+a- C:\Program Files\trend micro

    09/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware

    09/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev

    09/11/2014 ##### r-h-s-d+a- C:\AdwCleaner

    Files Modified Last 7 days :

    11/11/2014 00018928 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    11/11/2014 00018928 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    11/11/2014 00000018 r-h-s-d-a+ C:\Windows\SysWOW64\log.txt

    05/11/2014 01672576 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI

    05/11/2014 00746466 r-h-s-d-a+ C:\Windows\system32\perfh013.dat

    05/11/2014 00654932 r-h-s-d-a+ C:\Windows\system32\perfh009.dat

    05/11/2014 00154128 r-h-s-d-a+ C:\Windows\system32\perfc013.dat

    05/11/2014 00122546 r-h-s-d-a+ C:\Windows\system32\perfc009.dat

    Files Created Last 7 days :

    09/11/2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    ==================== RUNNING PROCESSES =========================================

    [chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

    [chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

    [chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

    [csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)

    [csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)

    [CVHSVC] -SYSTEM- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE - (Microsoft Corporation)

    [Dropbox] -Wout- C:\Users\Wout\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)

    [dwm] -Wout- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)

    [E-Peek 1.0.5] -Wout- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)

    [explorer] -Wout- C:\Windows\Explorer.EXE - (Microsoft Corporation)

    [iAStorDataMgrSvc] -SYSTEM- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)

    [igfxpers] -Wout- C:\Windows\System32\igfxpers.exe - (Intel Corporation)

    [igfxtray] -Wout- C:\Windows\System32\igfxtray.exe - (Intel Corporation)

    [iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.)

    [iTunesHelper] -Wout- C:\Program Files (x86)\iTunes\iTunesHelper.exe - (Apple Inc.)

    [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe - (Intel Corporation)

    [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)

    [lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)

    [lxeacoms] -SYSTEM- C:\Windows\system32\lxeacoms.exe - ( )

    [lxeaserv] -SYSTEM- C:\Windows\system32\spool\DRIVERS\x64\3\lxeaserv.exe - (Lexmark International, Inc.)

    [mbam] -Wout- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)

    [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)

    [mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)

    [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)

    [nis] -SYSTEM- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe - (Symantec Corporation)

    [nis] -Wout- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe - (Symantec Corporation)

    [nvSCPAPISvr] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - (NVIDIA Corporation)

    [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)

    [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)

    [officeclicktorun] -SYSTEM- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe - (Microsoft Corporation)

    [PsiService_2] -SYSTEM- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe - (Protexis Inc.)

    [searchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)

    [searchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)

    [searchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)

    [services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)

    [sftvsa] -SYSTEM- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe - (Microsoft Corporation)

    [sidebar] -Wout- C:\Program Files\Windows Sidebar\sidebar.exe - (Microsoft Corporation)

    [smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)

    [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)

    [taskhost] -Wout- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)

    [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)

    [winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)

    [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)

    [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

    ==================== IE PAGES ==================================================

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.com

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.aldi.com

    IE04 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

    IE04 - HKCU\..\SearchScopes {902821CA-6D75-4626-92F4-EFF8276E55FA} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

    IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    IE10 - HKLM\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE12 - HKLM\..\Toolbar{1017A80C-6F09-4548-A84D-EDD6AC9525F0} @ Default = C:\Program Files\Lexmark Toolbar\toolband.dll

    IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    IE12 - HKLM\..\Toolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll

    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.com

    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm

    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.aldi.com

    IE04 x64 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    IE04 x64 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

    IE04 x64 - HKCU\..\SearchScopes {902821CA-6D75-4626-92F4-EFF8276E55FA} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

    IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    IE10 x64 - HKLM\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    IE12 - HKLM\..\Toolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll

    ==================== Auto Load =================================================

    AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,

    AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

    AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,

    AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

    ==================== Google Chrome =============================================

    GC - Prefpath: C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Preferences

    GC - Profile Name: Eerste gebruiker

    GC - Homepage:

    GC - Default Search Provider:

    = Known Disabled Extensions =

    ==================== Windows Host File =========================================

    ==================== BHO =======================================================

    BHO - [MSS+ Identifier] - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} @ Default = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

    BHO - [Lexmark Werkbalk] - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} @ Default = C:\Program Files\Lexmark Toolbar\toolband.dll

    BHO - [Adobe PDF Link Helper] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} @ Default = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

    BHO - [Norton Identity Protection] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll

    BHO - [Norton Vulnerability Protection] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL

    BHO - [Aanmeldhulp voor Windows Live ID] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO - [Windows Live Messenger Companion Helper] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} @ Default = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL

    BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL

    BHO - [Lexmark ] - {D2C5E510-BE6D-42CC-9F61-E4F939078474} @ Default = C:\Program Files\Lexmark Printable Web\bho.dll

    BHO - [Java Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO - [bGAntiphishingBHO Class] - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} @ Default = C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll

    BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

    BHO x64 - [Norton Identity Protection] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll

    BHO x64 - [Windows Live ID Sign-in Helper] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO x64 - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    BHO x64 - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

    BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

    BHO x64 - [Java Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files\Java\jre6\bin\jp2ssv.dll

    BHO x64 - [bGAntiphishingBHO Class] - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} @ Default = C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

    ==================== Auto Start Programs =======================================

    ASP01 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    ASP04 - HKCU\..\Run @ ccleaner = "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

    ASP04 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    ASP04 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    ASP01 x64 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    ASP04 x64 - HKCU\..\Run @ ccleaner = "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

    ASP04 x64 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    ASP04 x64 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    ASP - Startup - C:\Users\Wout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    ASP - Startup - C:\Users\Wout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    ==================== Extra Items IE ============================================

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    EI04 - App Ext - HKCU\..\Approved Extensions @ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International

    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {11111111-1111-1111-1111-110511131190} =

    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {30F9B915-B755-4826-820B-08FBA6BD249D} =

    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {A40DC6C5-79D0-4CA8-A185-8FF989AF1115} =

    ==================== Internet Default Prefix ===================================

    IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://

    IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

    IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://

    IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

    ==================== Default Settings IE - DSIE ================================

    DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId

    DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

    ==================== Downloaded Program Files - DPF ============================

    DPF - HKLM - {8AD9C840-044E-11D1-B3E9-00805F499D93} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF - HKLM - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF - HKLM - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF x64 - {8AD9C840-044E-11D1-B3E9-00805F499D93} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF x64 - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF x64 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    ==================== Protocol Hijackers - PH ===================================

    PH00 - Handler:osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL # MD5 [405251ed82d69e5893f1e7e923b7f38b]

    PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [31d70e22e0e929e2a1279f51245624cc]

    ==================== ShellServiceObjectDelayLoad - SSODL =======================

    SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

    SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

    ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

    EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Avg

    EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft

    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\BackupCopyHook @ {9458E603-FF43-4134-9036-04B4C71791E3}

    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll

    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

    EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Avg

    EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft

    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\BackupCopyHook @ {9458E603-FF43-4134-9036-04B4C71791E3}= C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll

    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll

    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe

    SERV - R2 - [bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe

    SERV - R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe

    SERV - R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe

    SERV - R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe

    SERV - R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe

    SERV - R2 - [lxeaCATSCustConnectService] - lxeaCATSCustConnectService - c:\windows\system32\spool\drivers\x64\3\\lxeaserv.exe

    SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe

    SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe

    SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe

    SERV - R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe

    SERV - R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe

    SERV - R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe

    SERV - R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe

    SERV - R2 - [stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe

    SERV - R2 - [uNS] - Intel® Management & Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe

    SERV - R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe

    SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

    SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe

    SERV - R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe

    SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

    SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

    SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe

    SERV - S2 - [gupdate] - Google Updateservice (gupdate) - c:\program files (x86)\google\update\googleupdate.exe

    SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe

    SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe

    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

    SERV - S3 - [bgRaSvc] - BgRaSvc - c:\program files\bullguard ltd\bullguard\support\bgrasvc.exe

    SERV - S3 - [bsBhvScan] - BullGuard behavioural detection service - c:\program files\bullguard ltd\bullguard\bullguardbhvscanner.exe

    SERV - S3 - [bsScanner] - BullGuard scanning service - c:\program files\bullguard ltd\bullguard\bullguardscanner.exe

    SERV - S3 - [bsUpdate] - BullGuard update service - c:\program files\bullguard ltd\bullguard\bullguardupdate.exe

    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

    SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

    SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

    SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe

    SERV - S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe

    SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe

    SERV - S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe

    SERV - S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe

    SERV - S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.8.150\mcchsvc.exe

    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

    SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

    SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe

    SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe

    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe

    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

    SERV - S3 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

    SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

    SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe

    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe

    SERV - S3 - [WisLMSvc] - WisLMSvc - c:\program files (x86)\launch manager\wislmsvc.exe

    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

    SERV - S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

    SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

    SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

    *** Win32ShareProcess ***

    SERV - R2 - [samSs] - Security Accounts Manager - c:\windows\system32\lsass.exe

    SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe

    SERV - S3 - [bsBrowser] - BullGuard antiphishing service - c:\windows\system32\svchost.exe

    SERV - S3 - [bsFileScan] - BullGuard on-access service - c:\windows\system32\svchost.exe

    SERV - S3 - [bsMailProxy] - BullGuard e-mail monitoring service - c:\windows\system32\svchost.exe

    SERV - S3 - [bsMain] - BullGuard main service - c:\windows\system32\svchost.exe

    SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe

    SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe

    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe

    SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe

    SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe

    SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [lxea_device] - lxea_device - c:\windows\system32\lxeacoms.exe

    SERV - R2 - [spooler] - Print Spooler - c:\windows\system32\spoolsv.exe

    SERV - S3 - [uI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys

    DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys

    DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys

    DRV - R0 - [symEFA] - Symantec Extended File Attributes - C:\Windows\system32\Drivers\SymEFA.sys [x]

    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys

    DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys

    DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys

    DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys

    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]

    DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys

    DRV - R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys

    DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys

    DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys

    DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys

    DRV - R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys

    DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys

    DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys

    DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys

    DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys

    DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys

    DRV - R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys

    DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys

    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys

    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys

    DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys

    DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys

    DRV - R0 - [symDS] - Symantec Data Store - C:\Windows\system32\Drivers\SymDS.sys [x]

    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys

    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys

    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys

    DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys

    DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys

    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys

    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys

    DRV - R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys

    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys

    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

    DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

    ==================== SvcHost - White Listed ====================================

    All Ok

    WOW - All Ok

    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks =================================================

    There are no .job files found.

    ==================== End scanning at di 11 nov 2014 11:59 (0 Min 40 Sec ) ======

  6. The settings were as in your example.

    During the first MBAM scan, however, no files were placed in quarantine.

    During this scan a few hundred were quarantined.

    The computer was restarted after both MBAM and Epeek.

    I hope the attached logs are the correct ones.

    mbamlog_5.txt

    - - - Updated - - -

    For your information

    In the meantime the following windows are opening

    I assume I should not respond to these

    hxxp://betweensoftware.net/YAC/BE/ZP/CC/Warningos/inde.php?s=2451403677

    hxxp://offers.bycontext.com/topbar/ctxjs/index.php?tracker=http%3A%2F%2Fcn.tatami-solutions.com%2Feas%3Fcu%3D29607%26ptrack%3DJMC1152%26cat2%3Dcjs%26kw2%3D70632d68656c70666f72756d2e6265&numberBounceDone=1&ussegmnt=100&distribution=new&affid=1152&subaffid=3239544&intformat=roll&nextpage=http%3A%2F%2Fwww.pc-helpforum.be%2Fforum%2F&ch=6801&sbrand=qualitink&folder=v2.14

    EPeek_2.txt

  7. [ATTACH]19540[/ATTACH]

    Kape,

    The specified items have been removed via HijackThis.

    But the problem has not gone away yet.

    In the meantime I have also run Malwarebytes and CCleaner.

    The earlier log file was taken from a different account on the same computer.

    The attached log is from the problem account, started in safe mode.

    So the police problem is still there.

    In addition, the machine is quite slow to start up.

    Is there anything in the log that points to this?

    Thanks in advance for the help.

    hijackthis172012.log

  8. When starting the PC I get the following message ....Temp\hj8ol0.exe.

    In the meantime I have already run a scan.

    Can you see in the log what exactly the problem is?

    In addition, the Windows installer / uninstaller no longer works either.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:25:27, on 10/06/2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\lxeacoms.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\vsnpstd3.exe

    C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

    C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\KARL\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = deredactie.be

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    R3 - URLSearchHook: (no name) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)

    R3 - URLSearchHook: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTo1.dll

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

    O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: uTorrentBar_NL - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTo1.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

    O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: (no name) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

    O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: (no name) - {7C207950-B633-40B8-95B3-E3E08502BE44} - (no file)

    O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTo1.dll

    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\RunServices: [svcroot] svcroot.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

    O4 - HKUS\S-1-5-21-4166307882-2704883870-4021508746-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - S-1-5-21-4166307882-2704883870-4021508746-1006 Startup: hj8ol0.exe.lnk = C:\WINDOWS\system32\rundll32.exe (User '?')

    O4 - Startup: hj8ol0.exe.lnk = C:\WINDOWS\system32\rundll32.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_Win32.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092946685828

    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130362054984

    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\Resources\IntraLaunch.CAB

    O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer.CAB

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe

    O23 - Service: lxea_device - - C:\WINDOWS\system32\lxeacoms.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --

    End of file - 12566 bytes

    hijackthis.log
