wallymie
-
Items
111 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door wallymie
-
ok! dan is dit voor mij opgelost..bedankt:top:
-
hier enkele voorbeelden...er zijn nog meerdere !!! OSPPSVC.EXE.x64 X64-bestand 4.810 kB URLREDIR.DlL.x64 X64-bestand 673 kB VISFILT.DLL.x64 X64- bestand 2075 kB (kan niet knippen/plakken)
-
kape, heeft uw antwoord alleen betrekking op mijn office vraag? Moet ik wachten op antwoord op vraag betreffende .64x bestanden??
-
Hallo, Ik heb een xp-32bit. Nu heb ik bestanden gevonden met .64x in de naam. Verwijzen deze naar een 64 bit versie? zo ja...kan ik deze dan veilig verwijderen? Ik zal tevens een hjt logje bijvoegen,dan kan dat gelijk eens nagekeken worden. groetjLogfile of Trend Micro HijackThis v2.0.4Scan saved at 21:47:19, on 7/09/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341595878375 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file) O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- End of file - 5716 bytes es PS. in dit logje staan verwijzingen naar office14 Mijn office is 2010 (is dit een foutje?)
-
Vanaf de tweede bewerking met zoek.exe, is zo te zien alles terug ok! Ik weet niet wat je gedaan hebt, maar alvast bedankt. en het op z'n Nederland te zeggen, doei,
-
hier het gevraagde logje van zoek.exe. Zoek.exe Version 4.0.0.2 Updated 13-April-2013 Tool run by admin on ma 15/04/2013 at 20:54:20,14. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Chrome Look ====================== Google Docs - admin - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - admin - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - admin - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - admin - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - admin - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Gmail - admin - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia YouTube - Administrator - Default\Extensions\Temp ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\admin\Bureaublad\Allerlei\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Documents and Settings\admin\Bureaublad\ant-malware\Bitdefender Internet Security 2013.lnk - C:\Program Files\BitDefender\Bitdefender 2013\seccenter.exe C:\Documents and Settings\admin\Bureaublad\ant-malware\Bitdefender Safepay.lnk - C:\Program Files\BitDefender\Bitdefender 2013\obk.exe C:\Documents and Settings\admin\Bureaublad\ant-malware\HiJackThis.lnk - C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts on All Users Desktop ====================== C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\admin\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\admin\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\admin\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Menu Start\Programma's\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Bitdefender Internet Security 2013.lnk - C:\Program Files\BitDefender\Bitdefender 2013\seccenter.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Bitdefender Safepay.lnk - C:\Program Files\BitDefender\Bitdefender 2013\obk.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Help.lnk - C:\Program Files\Bitdefender\Bitdefender 2013\support\offlinemanual\html\index.html C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Herstellen of de-installeren.lnk - C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\installer.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Leesmij.lnk - C:\Program Files\BitDefender\Bitdefender 2013\_enhtml\readme.html C:\Documents and Settings\All Users\Menu Start\Programma's\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Access 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft OneNote 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Publisher 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Digitaal certificaat voor VBA-projecten.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Mediagalerie.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Office 2010 Upload Center.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Office Picture Manager.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Taalvoorkeuren voor Microsoft Office 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf C:\Documents and Settings\All Users\Menu Start\Programma's\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Revo Uninstaller Pro\Verwijder Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Call.lnk - C:\Program Files\Windows Live\Messenger\wlcstart.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Family Safety.lnk - C:\WINDOWS\Installer\{CAEB2BE8-EF9E-4BFE-8165-3B54B62AF6CF}\fssicon.ico C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Writer.lnk - C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe ==== shortcuts in Quick Launch ====================== C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe ==== Empty IE Cache ====================== C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\admin\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted ps.mag zoek.exe en het bijhorende logbestand verwijderd worden ?
-
ik heb de indruk dat het nu sneller gaat...heb nog niet zo veel "gegoogeld", ga het een dag of twee eens bekijken,en laat het resultaat hier weten. alvast bedankt,
-
Hello, het is eindelijk gelukt. Ik moest in bitdefender , onder antivirus gebeurtenissen/ Aktief virusbeheer/ onderaan links,de toestemming geven het programma toe te staan onder bewaking. Hier het gevraagde logje, Zoek.exe Version 4.0.0.2 Updated 13-April-2013 Tool run by admin on zo 14/04/2013 at 18:36:42,40. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-796845957-725345543-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{16A89497-BC3A-4F6E-A1EF-20FD858A88B4} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Files \ Folders ====================== "C:\Program Files\DefaultTab" deleted "C:\Documents and Settings\admin\Application Data\eIntaller" deleted "C:\Documents and Settings\admin\Local Settings\Application Data\PackageAware" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2013-03-21 17:44:03 9130CCE19B5DB3D2E31F9F789263FC4A 511328 ----a-w- C:\WINDOWS\capicom.dll ====== C:\DOCUME~1\admin\LOCALS~1\Temp ==== 2013-04-13 18:42:06 CB0107FDE27B05772F79977D05DEFA6E 93776 ----a-w- C:\DOCUME~1\admin\LOCALS~1\Temp\mlv_ar_qvo6.exe ====== C:\WINDOWS\system32 ===== 2013-04-05 18:30:04 1FBCCC1C540ACC4EB3F718B659ED63CA 693976 ----a-w- C:\WINDOWS\System32\FlashPlayerApp.exe ====== C:\WINDOWS\system32\drivers ===== 2013-04-07 20:22:19 E0087225B137E57239FF40F8AE82059B 54760 ----a-w- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys 2013-03-21 18:01:33 B82A4AE7C1259411421D2389BD1AB058 72704 ----a-w- C:\WINDOWS\System32\drivers\bdvedisk.sys 2013-03-21 17:44:23 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf 2013-03-21 17:44:22 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2013-03-21 17:44:03 B6CBFC9D825BB2D955620CD4D8EF07F9 66392 ----a-w- C:\WINDOWS\System32\drivers\bdsandbox.sys 2013-03-21 17:44:03 03F9DBFF185F9CCCA82844216591EA01 116248 ----a-w- C:\WINDOWS\System32\drivers\bdfndisf.sys 2013-03-21 17:43:57 7F9B99B564E7C9FBB6729ED95B5BBB24 242504 ----a-w- C:\WINDOWS\System32\drivers\avchv.sys 2013-03-21 17:43:56 F3D3B0AFFD227AA2BFC80C1A4536BAA0 625128 ----a-w- C:\WINDOWS\System32\drivers\avc3.sys 2013-03-21 17:43:56 C7BE750843A8A39167187FD28634A25E 482928 ----a-w- C:\WINDOWS\System32\drivers\avckf.sys 2013-03-21 17:42:03 479664FA3E1BD3E0B828971A0D500D4E 161312 ----a-w- C:\WINDOWS\System32\drivers\gzflt.sys 2013-03-21 17:42:02 F2AEE22231046CAD8D2F94D2C0F9BEFB 343456 ----a-w- C:\WINDOWS\System32\drivers\trufos.sys 2013-03-21 11:13:49 8B5B8A11306190C6963D3473F052D3C8 27064 ----a-w- C:\WINDOWS\System32\drivers\revoflt.sys 2013-03-21 10:34:11 FF35C2D01AC36B446A1B997F305F0FC2 51144 ----a-w- C:\WINDOWS\System32\drivers\Soluto.sys ====== C:\WINDOWS\Tasks ====== 2013-04-05 20:34:11 !HASH: COULD NOT OPEN FILE !!!!! 1042 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-04-05 20:34:11 !HASH: COULD NOT OPEN FILE !!!!! 1038 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-04-05 18:30:04 !HASH: COULD NOT OPEN FILE !!!!! 940 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2013-03-21 17:31:59 -------- d-----w- C:\Program Files\Common Files\SWF Studio 2013-03-21 11:13:48 -------- d-----w- C:\Program Files\VS Revo Group ======= C: ===== ====== C:\Documents and Settings\admin\Application Data ====== 2013-04-05 20:34:32 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\Google Chrome 2013-04-03 20:41:07 -------- d-----w- C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla 2013-04-03 20:40:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Mozilla 2013-04-03 16:40:20 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\TuneUp Software 2013-03-31 13:42:55 -------- d-----w- C:\Documents and Settings\admin\Application Data\TuneUp Software 2013-03-31 13:41:33 -------- d-sh--w- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-03-31 13:41:33 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files 2013-03-21 17:45:18 669CA7BB4A5604C91F36E466C4FDE123 425366 ----a-w- C:\Documents and Settings\All Users\Application Data\1363887705.bdinstall.bin 2013-03-21 17:44:23 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013 2013-03-21 17:42:20 -------- d-----w- C:\Documents and Settings\admin\Application Data\QuickScan 2013-03-21 11:13:56 -------- d-----w- C:\Documents and Settings\admin\Local Settings\Application Data\VS Revo Group 2013-03-21 11:13:50 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\Revo Uninstaller Pro 2013-03-21 11:13:50 -------- d-----w- C:\Documents and Settings\All Users\Application Data\VS Revo Group ====== C:\Documents and Settings\admin ====== 2013-04-14 16:04:11 -------- d--h--r- C:\Documents and Settings\admin\Onlangs geopend 2013-04-11 18:53:16 -------- d-----w- C:\Documents and Settings\admin\.rummi ====== C: exe-files == 2013-04-13 18:42:06 CB0107FDE27B05772F79977D05DEFA6E 93776 ----a-w- C:\Documents and Settings\admin\Local Settings\temp\mlv_ar_qvo6.exe 2013-04-10 20:39:22 AA964645D3A987CA87186A36DFFBF28D 5677408 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\26.0.1410.64\26.0.1410.64_26.0.1410.43_chrome_updater.exe 2013-04-10 15:29:18 2BF1A08F7CB7752AF697EE228514497F 234872 -c----w- C:\WINDOWS\ie8updates\KB2817183-IE8\spuninst\spuninst.exe 2013-04-10 15:29:13 A669C1B40E5D23F5EBE7EF498631B7D1 174080 -c----w- C:\WINDOWS\ie8updates\KB2817183-IE8\ie4uinit.exe 2013-04-07 19:44:59 0A9990EAEBD2C8C3B3BC25BFB4D02BC3 1247056 ----a-w- C:\Documents and Settings\admin\Bureaublad\ant-malware\wlsetup-web.exe === C: other files == 2013-04-07 20:22:19 E0087225B137E57239FF40F8AE82059B 54760 -c--a-w- C:\WINDOWS\system32\DRVSTORE\fssfltr_F64381C38F211E3160A660B196A6A585F80604F9\fssfltr_tdi.sys 2013-04-07 20:22:19 E0087225B137E57239FF40F8AE82059B 54760 ----a-w- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys ==== Startup Registry Enabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtXpStack] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BluetoothSuit" "hkey"="HKLM" "command"="\"C:\\Program Files\\Bluetooth XP Suite\\BluetoothSuit.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beidsccertprop] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="beidsccertprop" "hkey"="HKLM" "command"="C:\\Program Files\\Belgium Identity Card\\BeID Certprop\\beidsccertprop.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IDMan] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IDMan" "hkey"="HKCU" "command"="C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvMcTray" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RTHDCPL" "hkey"="HKLM" "command"="RTHDCPL.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SUPERAntiSpyware" "hkey"="HKCU" "command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Windows Search.lnk" "backup"="C:\\WINDOWS\\pss\\Windows Search.lnkCommon Startup" "command"="C:\\PROGRA~1\\WI459E~1\\WINDOW~1.EXE /startup" "item"="Windows Search" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [undertermined Task] C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ [undertermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ [undertermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ [undertermined Task] C:\WINDOWS\tasks\User_Feed_Synchronization-{EBF650E6-1266-4E91-9D14-C934EFDC08DA}.job --ah----- [undertermined Task] ==== Chrome Look ====================== Google Docs - admin - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - admin - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - admin - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - admin - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - admin - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Gmail - admin - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia YouTube - Administrator - Default\Extensions\Temp ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-796845957-725345543-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\admin\Bureaublad\Allerlei\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Documents and Settings\admin\Bureaublad\ant-malware\Bitdefender Internet Security 2013.lnk - C:\Program Files\BitDefender\Bitdefender 2013\seccenter.exe C:\Documents and Settings\admin\Bureaublad\ant-malware\Bitdefender Safepay.lnk - C:\Program Files\BitDefender\Bitdefender 2013\obk.exe C:\Documents and Settings\admin\Bureaublad\ant-malware\HiJackThis.lnk - C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts on All Users Desktop ====================== C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\admin\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\admin\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\admin\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Menu Start\Programma's\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Bitdefender Internet Security 2013.lnk - C:\Program Files\BitDefender\Bitdefender 2013\seccenter.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Bitdefender Safepay.lnk - C:\Program Files\BitDefender\Bitdefender 2013\obk.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Help.lnk - C:\Program Files\Bitdefender\Bitdefender 2013\support\offlinemanual\html\index.html C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Herstellen of de-installeren.lnk - C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\installer.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Bitdefender 2013\Leesmij.lnk - C:\Program Files\BitDefender\Bitdefender 2013\_enhtml\readme.html C:\Documents and Settings\All Users\Menu Start\Programma's\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Access 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft OneNote 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Publisher 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Digitaal certificaat voor VBA-projecten.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Mediagalerie.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Office 2010 Upload Center.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Office Picture Manager.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Taalvoorkeuren voor Microsoft Office 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf C:\Documents and Settings\All Users\Menu Start\Programma's\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Revo Uninstaller Pro\Verwijder Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Call.lnk - C:\Program Files\Windows Live\Messenger\wlcstart.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Family Safety.lnk - C:\WINDOWS\Installer\{CAEB2BE8-EF9E-4BFE-8165-3B54B62AF6CF}\fssicon.ico C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live\Windows Live Writer.lnk - C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe ==== shortcuts in Quick Launch ====================== C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe ==== Empty IE Cache ====================== C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\admin\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted Groetjes
-
hallo juisterr, heb alles gedaan wat je hebt aangegeven, maar mijn bitdefender heeft dit programma alsnog geblokkeerd! Wat nu ??
-
Hallo, Hier ben ik weer.Mijn probleem is, dat m'n pagina's zeer langzaam,en soms helemaal niet,opladen. Dat cirkeltje van het opladen blijft maar draaien,zonder reactie! Ik moet dikwijls 3/4 maal herladen alvorens de gewenste pagina opengaat. Oplossing ??? zal gelijk een logje bijvoegen van hjt Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:24:40, on 13/04/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341595878375 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- End of file - 6319 bytes
-
Tot nu toe goed.., zal het nog enkele dagen aankijken ! Laat wel iets weten over het resultaat. Groetjes
-
hallo, hier het gevraagde logje Zoek.exe Version 4.0.0.2 Updated 02-March-2013 Tool run by admin on ma 04/03/2013 at 12:12:25,34. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== FireFox Fix ====================== ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\admin\LOCALS~1\Temp ==== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Documents and Settings\admin\Application Data ====== 2013-02-12 22:47:58 -------- d-----w- C:\Documents and Settings\admin\Local Settings\Application Data\Sun 2013-02-12 13:51:45 7FCCAE73518FC9603EDBA1123415E56A 867 ----a-w- C:\Documents and Settings\admin\Local Settings\Application Data\recently-used.xbel 2013-02-09 12:12:40 -------- d-----w- C:\Documents and Settings\All Users\Application Data\IDM ====== C:\Documents and Settings\admin ====== 2013-03-03 23:15:50 -------- d--h--r- C:\Documents and Settings\admin\Onlangs geopend ====== C: exe-files == 2013-03-04 11:09:50 ADFE8ECA5EF18BB514968C134FA3348B 92160 ----a-w- C:\Program Files\Common Files\Bitdefender\BitDefender Threat Scanner\Antivirus_12597_603\bdc.exe 2013-03-03 22:55:31 ADFE8ECA5EF18BB514968C134FA3348B 92160 ----a-w- C:\Program Files\Common Files\Bitdefender\BitDefender Threat Scanner\Antivirus_12584_602\bdc.exe 2013-03-02 12:14:34 EFAB459FDD56AE93839FA817BA953A7F 51712 ----a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe 2013-03-02 12:14:34 DE34DC1427F7D3FA4D13D17B51B55673 1207296 ----a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\._msige61\GoogleEarth.exe 2013-03-02 12:14:34 45F88C09E922FD22CE45CCD19B53AE7B 301056 ----a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe 2013-03-02 12:14:34 2B27F157274CB548E16862560D6EBD97 208384 ----a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe 2013-03-02 12:14:34 2B27F157274CB548E16862560D6EBD97 208384 ----a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\._msige61\program files\Google\Google Earth\client\googleearth.exe 2013-03-02 12:14:32 D13879F9A51F6F8C6AC33A5B86694E9F 24449680 ----a-w- C:\Program Files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.3.8542.exe 2013-02-27 22:12:41 85DEB24EBA6B288F64AAC0FFC6A17810 26744 ----a-w- C:\Documents and Settings\admin\Application Data\TorrentStream\.data\engine2\download\2.0.8.5\tsengine_stream.exe 2013-02-27 22:12:40 859A5737BCBC7ED29B97BE1C6DF1D64D 26744 ----a-w- C:\Documents and Settings\admin\Application Data\TorrentStream\.data\engine2\download\2.0.8.5\tsengine.exe === C: other files == 2013-03-02 15:00:50 35E9313CF1E703FCEF918046F31097F5 1135609 ----a-w- C:\Documents and Settings\admin\Application Data\TorrentStream\.data\magicplayer_chrome\download\1.1.20\magicplayer.crx ==== Startup Registry Enabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" "BDAgent"="C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtXpStack] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BluetoothSuit" "hkey"="HKLM" "command"="\"C:\\Program Files\\Bluetooth XP Suite\\BluetoothSuit.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beidsccertprop] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="beidsccertprop" "hkey"="HKLM" "command"="C:\\Program Files\\Belgium Identity Card\\BeID Certprop\\beidsccertprop.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IDMan] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IDMan" "hkey"="HKCU" "command"="C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mbamgui" "hkey"="HKLM" "command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RTHDCPL" "hkey"="HKLM" "command"="RTHDCPL.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SUPERAntiSpyware" "hkey"="HKCU" "command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Windows Search.lnk" "backup"="C:\\WINDOWS\\pss\\Windows Search.lnkCommon Startup" "command"="C:\\PROGRA~1\\WI459E~1\\WINDOW~1.EXE /startup" "item"="Windows Search" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/02/2013 23:13] C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\Apple Software Update\SoftwareUpdate.exe [01/06/2011 17:57] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/09/2011 19:39] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/09/2011 19:39] C:\WINDOWS\tasks\User_Feed_Synchronization-{EBF650E6-1266-4E91-9D14-C934EFDC08DA}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 03:31] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jmolcgpienlcieaajfkkdamlngancncm - C:\Program Files\Internet Download Manager\IDMGCExt.crx[16/11/2012 01:25] ochbjojkpcmlfeagbaahkofepalngihg - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions ochbjojkpcmlfeagbaahkofepalngihg - C:\Documents and Settings\admin\Application Data\TorrentStream\extensions\chrome\magicplayer.crx[] Last updated at time on date - admin - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb IDM Integration - admin - Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm YouTube - Administrator - Default\Extensions\Temp ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {2F3314B2-B101-42FE-A479-85B75BDDBC10} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSNIE8&pc=MSNIE8&src=IE-SearchBox" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\admin\Bureaublad\Snelkoppeling naar tj1.lnk - C:\Documents and Settings\admin\Mijn documenten\Mijn afbeeldingen\TJ\tj1.bmp C:\Documents and Settings\admin\Bureaublad\ant-malware\HiJackThis.lnk - C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\admin\Menu Start\Programma's\Internet Download Manager\Grabber Help.lnk - C:\Program Files\Internet Download Manager\grabber.chm C:\Documents and Settings\admin\Menu Start\Programma's\Internet Download Manager\IDM Help.lnk - C:\Program Files\Internet Download Manager\idman.chm C:\Documents and Settings\admin\Menu Start\Programma's\Internet Download Manager\Internet Download Manager.lnk - C:\Program Files\Internet Download Manager\IDMan.exe C:\Documents and Settings\admin\Menu Start\Programma's\Internet Download Manager\license.lnk - C:\Program Files\Internet Download Manager\license.txt C:\Documents and Settings\admin\Menu Start\Programma's\Internet Download Manager\TUTORIALS.lnk - C:\Program Files\Internet Download Manager\tutor.chm C:\Documents and Settings\admin\Menu Start\Programma's\Internet Download Manager\Uninstall IDM.lnk - C:\Program Files\Internet Download Manager\Uninstall.exe ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Menu Start\Programma's\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Internet Download Manager\Grabber Help.lnk - C:\Program Files\Internet Download Manager\grabber.chm C:\Documents and Settings\All Users\Menu Start\Programma's\Internet Download Manager\IDM Help.lnk - C:\Program Files\Internet Download Manager\idman.chm C:\Documents and Settings\All Users\Menu Start\Programma's\Internet Download Manager\Internet Download Manager.lnk - C:\Program Files\Internet Download Manager\IDMan.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Internet Download Manager\license.lnk - C:\Program Files\Internet Download Manager\license.txt C:\Documents and Settings\All Users\Menu Start\Programma's\Internet Download Manager\TUTORIALS.lnk - C:\Program Files\Internet Download Manager\tutor.chm C:\Documents and Settings\All Users\Menu Start\Programma's\Internet Download Manager\Uninstall IDM.lnk - C:\Program Files\Internet Download Manager\Uninstall.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ochbjojkpcmlfeagbaahkofepalngihg deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ochbjojkpcmlfeagbaahkofepalngihg deleted successfully ==== Silent Runners ====================== "Silent Runners.vbs", revision 69, Silent Runners - Adware? Disinfect, don't reformat! Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} BitDefender Antiphishing Helper = "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" [bitDefender S.R.L.] BDAgent = "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" [bitDefender S.R.L.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM…CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = Search Helper -> {HKLM…CLSID} = Search Helper \InProcServer32\(Default) = C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [MS] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM…CLSID} = Windows Live Aanmelden - Help \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM…CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\(Default) = (no title provided) -> {HKLM…CLSID} = Windows Live Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Windows Live\Toolbar\wltcore.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ IDM Shell Extension\(Default) = {CDC95B92-E27C-4745-A8C5-64A52A78855D} -> {HKLM…CLSID} = IDM Shell Extension \InProcServer32\(Default) = C:\Program Files\Internet Download Manager\IDMShellExt.dll [Tonec Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal-pictogramuitbreiding -> {HKLM…CLSID} = HyperTerminal Icon Ext \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM…CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM…CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM…CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM…CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM…CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM…CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {4ADF8C01-0AC7-4403-888C-012E6EA2F67E} = Sims2Pack Clean Installer Shell Extension -> {HKLM…CLSID} = S2PCISE.S2PCISE \InProcServer32\(Default) = mscoree.dll [MS] {97090E2F-3062-4459-855B-014F0D3CDBB1} = Windows Search Deskbar -> {HKCU…CLSID} = Windows Search Bureaubalk \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\deskbar.dll [MS] -> {HKLM…CLSID} = Windows Search Deskbar \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\deskbar.dll [MS] {13E7F612-F261-4391-BEA2-39DF4F3FA311} = Windows Desktop Search -> {HKLM…CLSID} = Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\msnlExt.dll [MS] {B9AF185E-1276-4BC7-936B-692E16B1AD4A} = Bluetooth Suite -> {HKLM…CLSID} = Bluetooth Suite \InProcServer32\(Default) = C:\Program Files\Bluetooth XP Suite\BMVFPlugIn.dll [Atheros Commnucations] {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} = FTShellContext extension -> {HKLM…CLSID} = FTShellContext Class \InProcServer32\(Default) = C:\Program Files\Bluetooth XP Suite\ShellContextExt.dll [Atheros Commnucations] {CDC95B92-E27C-4745-A8C5-64A52A78855D} = IDM Shell Extension -> {HKLM…CLSID} = IDM Shell Extension \InProcServer32\(Default) = C:\Program Files\Internet Download Manager\IDMShellExt.dll [Tonec Inc.] {0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler -> {HKLM…CLSID} = CLSID_WLMCMimeFilter \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = (no title provided) -> {HKLM…CLSID} = SABShellExecuteHook Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [superAdBlocker.com] <<!>> {56F9679E-7826-4C84-81F3-532071A8BCC5} = (no title provided) -> {HKLM…CLSID} = Windows Desktop Search Namespace Manager \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\ <<!>> Debugger = Drwtsn32 -p %ld -e %ld [MS] <<!>> Auto = 0 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> belarc\CLSID = {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -> {HKLM…CLSID} = VoilaXctl Class \InProcServer32\(Default) = C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [belarc, Inc.] <<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS] <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM…CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <<!>> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754} -> {HKLM…CLSID} = Microsoft Infotech Storage Protocol for IE 4.0 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [MS] <<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS] <<!>> mso-offdap11\CLSID = {32505114-5902-49B2-880A-1F7738E5A384} -> {HKLM…CLSID} = Data Page Plugable Protocal mso-offdap11 Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [MS] <<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -> {HKLM…CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM…CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [sUPERAntiSpyware.com] {D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided) -> {HKLM…CLSID} = BDMenu Class \InProcServer32\(Default) = C:\Program Files\BitDefender\BitDefender 2011\bdshellext.dll [bitDefender S.R.L.] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} -> {HKLM…CLSID} = FTShellContext Class \InProcServer32\(Default) = C:\Program Files\Bluetooth XP Suite\ShellContextExt.dll [Atheros Commnucations] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM…CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [file not found] {C95FFEAE-A32E-4122-A5C4-49B5BFB69795}\(Default) = {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} -> {HKLM…CLSID} = Adobe Drive CS4 \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [Adobe Systems Incorporated] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM…CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [sUPERAntiSpyware.com] {D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided) -> {HKLM…CLSID} = BDMenu Class \InProcServer32\(Default) = C:\Program Files\BitDefender\BitDefender 2011\bdshellext.dll [bitDefender S.R.L.] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ Ath_CopyHookX\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} -> {HKLM…CLSID} = Ath_CopyHookX \InProcServer32\(Default) = C:\Program Files\Bluetooth XP Suite\AthCopyHookX.dll [Atheros Commnucations] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ 00nView\(Default) = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} -> {HKLM…CLSID} = nView Desktop Context Menu \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation] NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439} -> {HKLM…CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation] {C95FFEAE-A32E-4122-A5C4-49B5BFB69795}\(Default) = {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} -> {HKLM…CLSID} = Adobe Drive CS4 \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [Adobe Systems Incorporated] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM…CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM…CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [file not found] {D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided) -> {HKLM…CLSID} = BDMenu Class \InProcServer32\(Default) = C:\Program Files\BitDefender\BitDefender 2011\bdshellext.dll [bitDefender S.R.L.] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ disableregistrytools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ disablecmd = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\WINDOWS\system32\config\systemprofile\Mijn documenten\Mijn afbeeldingen\TJ\tj1.bmp Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Documents and Settings\admin\Mijn documenten\Mijn afbeeldingen\TJ\tj1.bmp Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\WINDOWS\system32\ssmypics.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ ImgBurnBDBurningOnArrival_BuildImage\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = HandleBDBurningOnArrival_BuildImage HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!] ImgBurnBDBurningOnArrival_BurnImage\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = HandleBDBurningOnArrival_BurnImage HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!] ImgBurnCDBurningOnArrival_BuildImage\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = HandleCDBurningOnArrival_BuildImage HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!] ImgBurnCDBurningOnArrival_BurnImage\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = HandleCDBurningOnArrival_BurnImage HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!] ImgBurnDVDBurningOnArrival_BuildImage\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = HandleDVDBurningOnArrival_BuildImage HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!] ImgBurnDVDBurningOnArrival_BurnImage\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = HandleDVDBurningOnArrival_BurnImage HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!] ImgBurnHDDVDBurningOnArrival_BuildImage\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = HandleHDDVDBurningOnArrival_BuildImage HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!] ImgBurnHDDVDBurningOnArrival_BurnImage\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = HandleHDDVDBurningOnArrival_BurnImage HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!] ImgBurnPlayBluRayOnArrival_ReadDisc\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = PlayBluRayOnArrival_ReadDisc HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!] ImgBurnPlayCDAudioOnArrival_ReadDisc\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = PlayCDAudioOnArrival_ReadDisc HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!] ImgBurnPlayDVDMovieOnArrival_ReadDisc\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = PlayDVDMovieOnArrival_ReadDisc HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!] ImgBurnPlayHDDVDOnArrival_ReadDisc\ Provider = ImgBurn InvokeProgID = ImgBurn.AutoPlay.1 InvokeVerb = PlayHDDVDOnArrival_ReadDisc HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!] MSLivePhotoAcqHWEventHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = Microsoft.LivePhotoAcqHWEventHandler HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM…CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveVideoCameraArrivalCaptureWizard\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = WLXAutoPlayMgr.WLXHWEventHandler InitCmdLine = WLXVideoAcquireWizard HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM…CLSID} = WLXWEventHandler Class \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS] MSWPDShellNamespaceHandler\ Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] PSASE30ImportPicturesOnArrival\ Provider = Adobe Photoshop Album Starter Edition InvokeProgID = PSASE30.autoplay InvokeVerb = launch HKLM\SOFTWARE\Classes\PSASE30.autoplay\shell\launch\command\(Default) = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\psaproxy.exe" -v %1\ [Adobe Systems Incorporated] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Enabled Scheduled Tasks: {++} ------------------------ Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] User_Feed_Synchronization-{EBF650E6-1266-4E91-9D14-C934EFDC08DA} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\System32\nwprovau.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 08, 11 - 22 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM…CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {21FA44EF-376D-4D53-9B0F-8A89D3229068} -> {HKLM…CLSID} = &Windows Live Toolbar \InProcServer32\(Default) = C:\Program Files\Windows Live\Toolbar\wltcore.dll [MS] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM…CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {21FA44EF-376D-4D53-9B0F-8A89D3229068} = (no title provided) -> {HKLM…CLSID} = &Windows Live Toolbar \InProcServer32\(Default) = C:\Program Files\Windows Live\Toolbar\wltcore.dll [MS] {381FFDE8-2394-4F90-B10D-FC6124A40F8C} = IEToolbar -> {HKLM…CLSID} = BitDefender Toolbar \InProcServer32\(Default) = C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll [bitDefender S.R.L.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43E7-84E9-808838809519}\(Default) = Google Side Bar Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = In weblog opnemen MenuText = &In weblog opnemen met Windows Live Writer CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM…CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM…CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM…CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Onderzoek BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} {E2E2DD38-D088-4134-82B7-F2BA38496583}\ MenuText = @xpsp3res.dll,-20001 Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ ButtonText = Messenger MenuText = Windows Messenger Exec = C:\Program Files\Messenger\msmsgs.exe [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ BitDefender Desktop Update Service, UPDATESRV, "C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe" /service [bitDefender S.R.L.] BitDefender Virus Shield, VSSERV, C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe /service [bitDefender S.R.L.] Windows Search, WSearch, C:\WINDOWS\system32\SearchIndexer.exe /Embedding [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> !SASCORE, HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> !SASCORE, Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ HP Standard TCP/IP Port\Driver = HpTcpMon.dll [Hewlett Packard] hpzsnt12\Driver = hpzsnt12.dll [HP] Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS] ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\admin\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
-
hallo, mijn bovenvermeld probleem is nog niet 100% opgelost! Het is al iets beter, maar na een tijdje terug hetzelfde. Ik moet de pagina enkele keren terug opladen,alvorens deze opengaat.Zou dat kunnen dat adBlock de oorzaak zou kunnen zijn? Ik zal nog eens een hjt logje maken en bijvoegen, dan kan er eens gekeken worden of er een probleempje is toegevoegd aan m'n pc. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:09:27, on 3/03/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Documents and Settings\admin\Application Data\TorrentStream\updater\tsupdate.exe C:\Program Files\BitDefender\BitDefender 2011\downloader.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" O8 - Extra context menu item: Download alle links met IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download met IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341595878375 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- End of file - 6732 bytes
-
Hallo cape, Heb alles verwijderd.Zal het gedurende een dag of twee eens bekijken of alles nog 100% werkt, en laat dan zeker nog iets weten dat m'n probleem is opgelost of niet. groetjes wallymie
-
hallo cape, Ik heb na het uitvoeren van AdwClaener, mijn instlellingen van google terug moeten aanpassen.Is dat normaal? Het werkt sneller nu, heb ik de indruk. Afwachten maar zeker? (ik laat zeker nog iets weten) groetjes wallymie
-
Hallo, hierbij gevraagde logbestand # AdwCleaner v2.113 - Verslag gemaakt op 25/02/2013 om 19:54:46 # Geactualiseerd op 23/02/2013 door Xplode # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits) # Gebruiker : admin - USER-1AE098DA85 # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Documents and Settings\admin\Bureaublad\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** ***** [Register] ***** ***** [browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v25.0.1364.97 File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[R1].txt - [1241 octets] - [17/02/2013 19:53:50] AdwCleaner[s4].txt - [1057 octets] - [25/02/2013 19:54:46] ########## EOF - C:\AdwCleaner[s4].txt - [1117 octets] ##########
-
Hallo, Ik krijg geen reactie meer op deze discussie,... Is deze laatste logfile "zuiver", of moeten er nog verdere stappen ondernomen worden? Het probleem is nog altijd niet opgelost!!
-
Hallo kape, Hier het laaste log rapport van ComboFix. ComboFix 13-02-20.01 - admin 21/02/2013 12:08:11.10.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1362 [GMT 1:00] Gestart vanuit: c:\documents and settings\admin\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\admin\Bureaublad\CFScript.txt AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_0 -------\Service_1 -------\Service_10 -------\Service_5 . . (((((((((((((((((((( Bestanden Gemaakt van 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))) . . 2013-02-20 22:54 . 2013-02-21 11:04 -------- d--h--r- c:\documents and settings\admin\Onlangs geopend 2013-02-12 22:47 . 2013-02-12 22:47 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Sun 2013-02-09 12:12 . 2013-02-09 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IDM 2013-02-01 11:36 . 2013-02-01 11:36 859552 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-01 11:36 . 2013-02-01 11:36 780192 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-01 11:25 . 2013-02-01 11:25 -------- d-----w- c:\windows\system32\siscardplugins 2013-02-01 11:25 . 2013-02-01 11:25 -------- d-----w- c:\windows\system32\beidpp 2013-02-01 11:25 . 2013-02-01 11:25 -------- d-----w- c:\program files\Belgium Identity Card 2013-02-01 11:25 . 2013-02-01 11:25 -------- d-----w- C:\drivers 2013-01-28 11:40 . 2013-01-28 11:43 -------- d-----w- c:\documents and settings\admin\SecurityScans 2013-01-28 11:39 . 2013-01-28 11:39 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2 2013-01-23 18:57 . 2013-02-04 14:52 -------- d-----w- c:\documents and settings\admin\Application Data\vlc 2013-01-23 18:57 . 2013-01-23 18:57 -------- d-----w- c:\program files\VideoLAN . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-13 22:49 . 2012-06-20 14:00 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-13 22:49 . 2012-02-17 16:37 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 07:27 . 2006-03-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 07:26 . 2004-08-04 00:58 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 10:10 . 2006-03-02 12:00 1867392 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2006-03-02 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 2006-03-02 12:00 1296384 ------w- c:\windows\system32\quartz.dll 2012-12-26 20:21 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2012-12-26 20:20 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-12-26 20:20 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-12-24 06:42 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec 2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2012-11-21 71216] "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2012-11-21 1449368] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 10:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtXpStack] 2011-03-02 09:38 2186400 ------w- c:\program files\Bluetooth XP Suite\BluetoothSuit.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beidsccertprop] 2012-02-21 13:44 31768 ----a-w- c:\program files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-05-10 00:41 49208 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] 2013-01-29 12:00 3565432 ----a-w- c:\program files\Internet Download Manager\IDMan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-09-29 18:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-04-27 17:08 17881088 ------w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-11-01 19:45 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WPFFontCache_v0400"=3 (0x3) "WMPNetworkSvc"=2 (0x2) "Updatesrv"=2 (0x2) "SeaPort"=2 (0x2) "nvsvc"=2 (0x2) "MDM"=2 (0x2) "idsvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "MBAMService"=2 (0x2) "BBUpdate"=2 (0x2) "BBSvc"=2 (0x2) "!SASCORE"=2 (0x2) "HssTrayService"=3 (0x3) "Pml Driver HPZ12"=2 (0x2) "AdobeFlashPlayerUpdateSvc"=3 (0x3) "fsssvc"=3 (0x3) "ose"=3 (0x3) "MBAMScheduler"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\SopCast\\SopCast.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Documents and Settings\\admin\\Application Data\\TorrentStream\\engine\\tsengine.exe"= "c:\\Program Files\\ExpressFiles\\expressdl.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1042:TCP"= 1042:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 bdrawpr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [21/11/2012 23:08 12960] R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/08/2011 15:28 112480] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12/07/2011 22:55 67664] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [11/10/2010 18:34 43936] R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [22/04/2010 12:19 149520] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\BitDefender Firewall\bdfndisf.sys [20/08/2010 14:41 111696] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [28/11/2009 14:13 159400] S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [2/03/2006 13:00 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/11/2009 14:11 1684736] S3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [10/07/2012 10:56 42016] S3 Atheros_btAudio;Bluetooth Virtual SCO Driver;c:\windows\system32\drivers\btathsco.sys [10/07/2012 10:56 29856] S3 btatha2dp;Bluetooth A2DP Audio Device Driver;c:\windows\system32\drivers\btatha2dp.sys [10/07/2012 10:56 74912] S3 btathPan;Bluetooth PAN Miniport Device;c:\windows\system32\drivers\btathpan.sys [10/07/2012 10:56 36384] S3 BTATHPROT;General Bluetooth Filter;c:\windows\system32\drivers\btathprot.sys [10/07/2012 10:56 663072] S3 btathrcp;Bluetooth AVRCP Target Device;c:\windows\system32\drivers\btathrcp.sys [10/07/2012 10:56 13344] S3 btathspp;Bluetooth Serial Port Device;c:\windows\system32\drivers\btathspp.sys [10/07/2012 10:56 85152] S3 BTATHUSB;General Bluetooth Device;c:\windows\system32\drivers\btathusb.sys [10/07/2012 10:56 79008] S3 btfilter;General Bluetooth Filter ss;c:\windows\system32\drivers\btfilter.sys [10/07/2012 10:56 242976] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/12/2012 14:00 22856] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/10/2010 18:26 307544] S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 19:54 116608] S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [28/06/2010 11:55 633424] S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [28/06/2010 11:55 970320] S4 BBSvc;Bing Bar Update Service;"c:\program files\Microsoft\BingBar\BBSvc.EXE" --> c:\program files\Microsoft\BingBar\BBSvc.EXE [?] S4 BBUpdate;BBUpdate;"c:\program files\Microsoft\BingBar\SeaPort.EXE" --> c:\program files\Microsoft\BingBar\SeaPort.EXE [?] S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [27/12/2012 14:00 399432] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/12/2012 14:00 676936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 18:09 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 22:49] . 2013-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 18:39] . 2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 18:39] . 2013-02-21 c:\windows\Tasks\User_Feed_Synchronization-{EBF650E6-1266-4E91-9D14-C934EFDC08DA}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: Download alle links met IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download met IDM - c:\program files\Internet Download Manager\IEExt.htm TCP: DhcpNameServer = 195.130.131.4 195.130.130.132 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-02-21 12:16 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdselfpr] "ImagePath"="bdselfpr" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-796845957-725345543-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{33533a72-b9c7-4320-a383-7ddfd580b86d}] @Denied: (Full) (Everyone) "Model"=dword:00000027 "Therad"=dword:00000010 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):f7,18,c8,93,d8,57,4f,d6,83,33,89,89,0a,62,7f,ad,b3,b5,16,c8,ab, 6a,3f,0e,d0,ca,7d,2b,2a,8f,82,ae,7b,7c,61,52,fa,0f,41,0e,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1652) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . - - - - - - - > 'explorer.exe'(3100) c:\program files\BitDefender\BitDefender 2011\pchook32.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Bluetooth XP Suite\AthCopyHookX.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\BitDefender\BitDefender 2011\vsserv.exe c:\windows\System32\SCardSvr.exe c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\wscntfy.exe c:\program files\BitDefender\BitDefender 2011\pchooklaunch32.exe . ************************************************************************** . Voltooingstijd: 2013-02-21 12:20:45 - machine werd herstart ComboFix-quarantined-files.txt 2013-02-21 11:20 ComboFix2.txt 2013-02-20 21:03 ComboFix3.txt 2013-02-17 19:18 ComboFix4.txt 2013-02-12 22:02 . Pre-Run: 464.896.344.064 bytes beschikbaar Post-Run: 464.886.251.520 bytes beschikbaar . - - End Of File - - 38E632797B2BB695287B2F332D2223D6
-
Hallo, hier het gevraagde ComboFix logjeComboFix 13-02-20.01 - admin 20/02/2013 21:53:16.9.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1076 [GMT 1:00] Gestart vanuit: c:\documents and settings\admin\Bureaublad\ComboFix.exe AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . Besmet exemplaar van c:\windows\system32\Services.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_0 -------\Service_1 -------\Service_10 -------\Service_5 . . (((((((((((((((((((( Bestanden Gemaakt van 2013-01-20 to 2013-02-20 )))))))))))))))))))))))))))))) . . 2013-02-20 19:43 . 2013-02-20 19:43 -------- d--h--r- c:\documents and settings\admin\Onlangs geopend 2013-02-12 22:47 . 2013-02-12 22:47 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Sun 2013-02-09 12:12 . 2013-02-09 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IDM 2013-02-01 11:36 . 2013-02-01 11:36 859552 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-01 11:36 . 2013-02-01 11:36 780192 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-01 11:25 . 2013-02-01 11:25 -------- d-----w- c:\windows\system32\siscardplugins 2013-02-01 11:25 . 2013-02-01 11:25 -------- d-----w- c:\windows\system32\beidpp 2013-02-01 11:25 . 2013-02-01 11:25 -------- d-----w- c:\program files\Belgium Identity Card 2013-02-01 11:25 . 2013-02-01 11:25 -------- d-----w- C:\drivers 2013-01-28 11:40 . 2013-01-28 11:43 -------- d-----w- c:\documents and settings\admin\SecurityScans 2013-01-28 11:39 . 2013-01-28 11:39 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2 2013-01-23 18:57 . 2013-02-04 14:52 -------- d-----w- c:\documents and settings\admin\Application Data\vlc 2013-01-23 18:57 . 2013-01-23 18:57 -------- d-----w- c:\program files\VideoLAN . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-13 22:49 . 2012-06-20 14:00 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-13 22:49 . 2012-02-17 16:37 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 07:27 . 2006-03-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 07:26 . 2004-08-04 00:58 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 10:10 . 2006-03-02 12:00 1867392 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2006-03-02 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 2006-03-02 12:00 1296384 ------w- c:\windows\system32\quartz.dll 2012-12-26 20:21 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2012-12-26 20:20 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-12-26 20:20 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-12-24 06:42 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec 2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2012-11-21 71216] "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2012-11-21 1449368] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 10:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtXpStack] 2011-03-02 09:38 2186400 ------w- c:\program files\Bluetooth XP Suite\BluetoothSuit.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beidsccertprop] 2012-02-21 13:44 31768 ----a-w- c:\program files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-05-10 00:41 49208 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] 2013-01-29 12:00 3565432 ----a-w- c:\program files\Internet Download Manager\IDMan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-09-29 18:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-04-27 17:08 17881088 ------w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-11-01 19:45 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WPFFontCache_v0400"=3 (0x3) "WMPNetworkSvc"=2 (0x2) "Updatesrv"=2 (0x2) "SeaPort"=2 (0x2) "nvsvc"=2 (0x2) "MDM"=2 (0x2) "idsvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "MBAMService"=2 (0x2) "BBUpdate"=2 (0x2) "BBSvc"=2 (0x2) "!SASCORE"=2 (0x2) "HssTrayService"=3 (0x3) "Pml Driver HPZ12"=2 (0x2) "AdobeFlashPlayerUpdateSvc"=3 (0x3) "fsssvc"=3 (0x3) "ose"=3 (0x3) "MBAMScheduler"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\SopCast\\SopCast.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Documents and Settings\\admin\\Application Data\\TorrentStream\\engine\\tsengine.exe"= "c:\\Program Files\\ExpressFiles\\expressdl.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1042:TCP"= 1042:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 bdrawpr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [21/11/2012 23:08 12960] R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/08/2011 15:28 112480] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12/07/2011 22:55 67664] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [11/10/2010 18:34 43936] R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [22/04/2010 12:19 149520] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\BitDefender Firewall\bdfndisf.sys [20/08/2010 14:41 111696] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [28/11/2009 14:13 159400] S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [2/03/2006 13:00 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/11/2009 14:11 1684736] S3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [10/07/2012 10:56 42016] S3 Atheros_btAudio;Bluetooth Virtual SCO Driver;c:\windows\system32\drivers\btathsco.sys [10/07/2012 10:56 29856] S3 btatha2dp;Bluetooth A2DP Audio Device Driver;c:\windows\system32\drivers\btatha2dp.sys [10/07/2012 10:56 74912] S3 btathPan;Bluetooth PAN Miniport Device;c:\windows\system32\drivers\btathpan.sys [10/07/2012 10:56 36384] S3 BTATHPROT;General Bluetooth Filter;c:\windows\system32\drivers\btathprot.sys [10/07/2012 10:56 663072] S3 btathrcp;Bluetooth AVRCP Target Device;c:\windows\system32\drivers\btathrcp.sys [10/07/2012 10:56 13344] S3 btathspp;Bluetooth Serial Port Device;c:\windows\system32\drivers\btathspp.sys [10/07/2012 10:56 85152] S3 BTATHUSB;General Bluetooth Device;c:\windows\system32\drivers\btathusb.sys [10/07/2012 10:56 79008] S3 btfilter;General Bluetooth Filter ss;c:\windows\system32\drivers\btfilter.sys [10/07/2012 10:56 242976] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/12/2012 14:00 22856] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/10/2010 18:26 307544] S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 19:54 116608] S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [28/06/2010 11:55 633424] S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [28/06/2010 11:55 970320] S4 BBSvc;Bing Bar Update Service;"c:\program files\Microsoft\BingBar\BBSvc.EXE" --> c:\program files\Microsoft\BingBar\BBSvc.EXE [?] S4 BBUpdate;BBUpdate;"c:\program files\Microsoft\BingBar\SeaPort.EXE" --> c:\program files\Microsoft\BingBar\SeaPort.EXE [?] S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [27/12/2012 14:00 399432] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/12/2012 14:00 676936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 18:09 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 22:49] . 2013-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 18:39] . 2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 18:39] . 2013-02-20 c:\windows\Tasks\User_Feed_Synchronization-{EBF650E6-1266-4E91-9D14-C934EFDC08DA}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: Download alle links met IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download met IDM - c:\program files\Internet Download Manager\IEExt.htm TCP: DhcpNameServer = 195.130.131.4 195.130.130.132 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-02-20 22:00 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdselfpr] "ImagePath"="bdselfpr" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-796845957-725345543-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{33533a72-b9c7-4320-a383-7ddfd580b86d}] @Denied: (Full) (Everyone) "Model"=dword:00000027 "Therad"=dword:00000010 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):f7,18,c8,93,d8,57,4f,d6,83,33,89,89,0a,62,7f,ad,b3,b5,16,c8,ab, 6a,3f,0e,d0,ca,7d,2b,2a,8f,82,ae,7b,7c,61,52,fa,0f,41,0e,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1652) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . - - - - - - - > 'explorer.exe'(3324) c:\windows\system32\webcheck.dll c:\windows\system32\mobsync.dll c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\program files\BitDefender\BitDefender 2011\pchook32.dll c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Bluetooth XP Suite\AthCopyHookX.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\BitDefender\BitDefender 2011\vsserv.exe c:\windows\System32\SCardSvr.exe c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe c:\windows\system32\inetsrv\inetinfo.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\wscntfy.exe c:\program files\BitDefender\BitDefender 2011\pchooklaunch32.exe . ************************************************************************** . Voltooingstijd: 2013-02-20 22:03:38 - machine werd herstart ComboFix-quarantined-files.txt 2013-02-20 21:03 ComboFix2.txt 2013-02-17 19:18 ComboFix3.txt 2013-02-12 22:02 . Pre-Run: 464.948.649.984 bytes beschikbaar Post-Run: 464.939.925.504 bytes beschikbaar . - - End Of File - - AA0B6FFA78B66E5CB031BDA620A20BF9
-
Hallo, Sinds enkele dagen heb ik een zeer traag internet.Soms kan dit zeer lang duren,voor dat de gevraagde pagina opengaat. Wat moet ik doen? Ik zal gelijk een hjt logje meesturLogfile of Trend Micro HijackThis v2.0.4Scan saved at 16:00:13, on 20/02/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ::1 localhost #[iPv6] O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" O8 - Extra context menu item: Download alle links met IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download met IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341595878375 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- End of file - 6569 bytes en
-
Hallo Maxstar, Hier de gevraagde links: - sport.be.msn.com - Voetbalkrant.com - de grootste Belgische site over voetbal Ik heb malwarebytes en ComboFix laten draaien, en nu is het probleem opgelost, denk ik. Groetjes Walter
-
Hallo, Ik kan niet meer op de site van Jupiler Pro League. Krijg melding "Could not connect to DB" Ook op de voetbalkrant = ongeveer hetzelfde krijg ik deze melding. Wat is er mis ?(Log bijgevoegd)Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:12:01, on 13/02/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" O8 - Extra context menu item: Download alle links met IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download met IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341595878375 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- End of file - 6470 bytes Groetjes, Walter
-
traag internet (google chrome)
wallymie reageerde op wallymie's topic in Archief Bestrijding malware & virussen
Hallo kweezie wabbit, Heb alles uitgevoerd wat is aanbevolen.Hopelijk is m'n pc terug "gezond"! groetjes. ps.Bijgevoegd:gevraagde logfiles. Logfile of Trend Micro HijackThis v2.0.4Scan saved at 16:23:56, on 27/12/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\BitDefender\BitDefender 2011\downloader.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN ! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN ! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN ! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" O8 - Extra context menu item: Download alle links met IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download met IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341595878375 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- End of file - 6459 bytes Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free anti-malware download Databaseversie: v2012.12.27.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 admin :: USER-1AE098DA85 [administrator] 27/12/2012 16:25:08 mbam-log-2012-12-27 (16-25-08).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 223890 Verstreken tijd: 4 minuut/minuten, 4 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) -
traag internet (google chrome)
wallymie plaatste een topic in Archief Bestrijding malware & virussen
Hallo, De laatste dagen heb ik last van traag internet.Het openen van gevraagde webpagina's kan dikwijls even duren (niet altijd) hier bijgevoegd een logje. Kan je dat eens nakijken? Bedankt op voorhand, en de beste einde jaarswensen. Logfile of Trend Micro HijackThis v2.0.4Scan saved at 23:19:25, on 26/12/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Documents and Settings\admin\Application Data\TorrentStream\updater\tsupdate.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN ! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN ! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN ! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ::1 localhost #[iPv6] O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" O8 - Extra context menu item: Download alle links met IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download met IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341595878375 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- End of file - 6366 bytes -
hallo, Die rotfout melding is nog niet van m'n PC Ik heb al windows repair v1.7.4 gedraaid, ... zonder succes. Wat is het volgende ?????
