Posts made by damo

  1. Hello, after the problem had not occurred for a few days, I have already had to restart 3 times today. Hopefully you still have some inspiration for finding a solution (reinstall Google Chrome?); in the meantime, here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:19:17, on 21/01/2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    d:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Google\Update\GoogleUpdate.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\WINDOWS\System32\svchost.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Alwil Software\Avast5\avastUI.exe

    D:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

    C:\WINDOWS\system32\ctfmon.exe

    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\WINDOWS\explorer.exe

    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    D:\Program Files\hijackthis\HijackThis.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - D:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKCU\..\Run: [Advanced SystemCare 6] "d:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-21-1409082233-113007714-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Xxxx Xxxx.XXXX\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - d:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --

    End of file - 6230 bytes

  2. Unfortunately the conclusion turns out to be premature: the shutdown problem just occurred again. Startup also takes a long time, and I notice that on startup Google Chrome opens a second tab with a search engine (unknown to me).

    New HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:46:17, on 17/01/2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    d:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    d:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

    d:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

    C:\WINDOWS\system32\svchost.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Alwil Software\Avast5\avastUI.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\RunDLL32.exe

    D:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

    D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\explorer.exe

    D:\Program Files\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - D:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

    O4 - HKCU\..\Run: [Advanced SystemCare 6] "d:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-21-1409082233-113007714-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Xxxxx Xxxx.XXXXX\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - d:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --

    End of file - 7120 bytes

  3. Delete the following folders in bold:

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Local Settings\Application Data\nuke_downloads_NL

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Local Settings\Application Data\Conduit

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Local Settings\Application Data\CRE

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\Funmoods

    And how are things now with the PC shutting down?

    Everything deleted. No more shutdowns today, neither with IE nor with Chrome. Hopefully it stays that way, but in any case, many thanks!

  4. ComboFix log:

    ComboFix 13-01-15.02 - Xxxxx Xxxx 15/01/2013 20:08:36.1.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1918.1063 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Xxxxx Xxxx.XXXXX\Bureaublad\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PCFix

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PCFix\log.dat

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PCFix\unresolvederrors.dat

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\1.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\a.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\b.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\c.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\d.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\e.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\f.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\g.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\h.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\i.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\j.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\k.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\l.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\m.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\mru.xml

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\n.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\o.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\p.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\q.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\r.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\s.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\t.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\u.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\v.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\w.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\wlu.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\x.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\y.txt

    c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\PriceGong\Data\z.txt

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-15 to 2013-01-15 ))))))))))))))))))))))))))))))

    .

    .

    2013-01-15 18:50 . 2013-01-15 18:50 -------- d--h--r- c:\documents and settings\Xxxxx Xxxx.XXXXX\Onlangs geopend

    2013-01-14 17:56 . 2013-01-14 17:56 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\Malwarebytes

    2013-01-14 17:55 . 2013-01-14 17:55 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

    2013-01-14 17:55 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-01-12 15:21 . 2013-01-13 20:30 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Local Settings\Application Data\nuke_downloads_NL

    2013-01-12 15:21 . 2013-01-12 15:21 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Local Settings\Application Data\Conduit

    2013-01-12 15:21 . 2013-01-12 15:21 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Local Settings\Application Data\CRE

    2013-01-11 20:17 . 2013-01-11 20:17 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\ProgSense

    2013-01-11 20:15 . 2013-01-12 14:02 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\Orbit

    2013-01-11 20:15 . 2013-01-12 14:01 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\Funmoods

    2013-01-10 20:02 . 2013-01-10 20:02 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles

    2013-01-06 17:23 . 2012-05-08 17:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

    2013-01-06 17:23 . 2010-11-26 17:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

    2013-01-06 14:50 . 2013-01-06 14:50 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\Apple Computer

    2012-12-27 14:48 . 2012-12-27 14:48 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA

    2012-12-27 14:48 . 2013-01-13 17:28 -------- dc----w- c:\documents and settings\UpdatusUser

    2012-12-23 19:46 . 2012-12-23 19:49 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\YouTubeFreeDownloader

    2012-12-21 17:37 . 2012-12-21 17:37 -------- d-----w- c:\program files\Research In Motion Limited

    2012-12-21 17:37 . 2012-12-21 17:37 -------- d-----w- c:\program files\Common Files\Research In Motion

    2012-12-21 08:57 . 2012-12-21 08:57 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\R-TT

    2012-12-21 08:23 . 2012-12-21 08:40 -------- dcsh--w- c:\documents and settings\All Users.WINDOWS\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

    2012-12-20 18:49 . 2013-01-12 15:20 -------- d-----w- c:\documents and settings\Xxxxx Xxxx.XXXXX\Downloads

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-16 12:23 . 2003-04-08 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-06 12:40 . 2012-12-06 12:40 22784 ----a-w- c:\windows\system32\drivers\RimUsb.sys

    2012-11-13 11:55 . 2003-04-08 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys

    2012-11-06 02:00 . 2011-01-04 20:07 1371648 ------w- c:\windows\system32\msxml6.dll

    2012-11-02 02:03 . 2003-04-08 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

    2012-11-01 12:12 . 2003-04-08 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-11-01 12:12 . 2003-04-08 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-11-01 12:12 . 2003-04-08 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-11-01 00:35 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

    2012-10-30 22:51 . 2011-06-11 14:59 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-30 22:51 . 2011-01-13 20:42 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-30 22:51 . 2011-01-13 20:42 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2012-10-30 22:51 . 2011-01-13 20:42 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-30 22:51 . 2011-01-13 20:42 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

    2012-10-30 22:51 . 2011-01-13 20:42 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

    2012-10-30 22:51 . 2012-11-11 06:54 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys

    2012-10-30 22:51 . 2011-01-13 20:42 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-30 22:51 . 2011-01-13 20:42 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

    2012-10-30 22:51 . 2011-01-13 20:42 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-30 22:50 . 2011-01-13 20:42 227648 ----a-w- c:\windows\system32\aswBoot.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Advanced SystemCare 6"="d:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-19 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]

    "SkyTel"="SkyTel.EXE" [2007-10-11 1826816]

    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]

    "NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]

    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

    path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-12-03 07:35 946352 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

    2011-03-15 15:42 499608 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beidsccertprop]

    2011-12-01 15:08 31256 -c--a-w- c:\program files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]

    2011-04-25 18:27 733576 ----a-w- d:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]

    2011-04-22 16:26 69000 ----a-w- d:\program files\EASEUS\Todo Backup\bin\EuWatch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2010-08-19 18:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

    2012-08-28 06:41 247768 ----a-w- d:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

    2012-12-09 10:21 969104 ----a-w- d:\program files\uTorrent\uTorrent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "gusvc"=3 (0x3)

    "hpqddsvc"=2 (0x2)

    "gupdatem"=3 (0x3)

    "gupdate"=2 (0x2)

    "EASEUS Agent"=2 (0x2)

    "Nero BackItUp Scheduler 4.0"=2 (0x2)

    "TomTomHOMEService"=3 (0x3)

    "AdvancedSystemCareService5"=2 (0x2)

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "d:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    .

    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [3/07/2011 11:14 30600]

    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [3/07/2011 11:14 35720]

    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [3/07/2011 11:14 20744]

    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/01/2013 18:23 14776]

    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [11/11/2012 7:54 20624]

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/06/2011 15:59 738504]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/01/2011 21:42 361032]

    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [4/01/2011 17:58 13696]

    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [3/07/2011 11:14 14216]

    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;d:\program files\IObit\Advanced SystemCare 6\ASCService.exe [20/12/2012 17:44 464256]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/01/2011 21:42 21256]

    R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [28/08/2012 7:41 92632]

    R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [3/07/2011 11:14 187528]

    S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [14/01/2013 18:55 398184]

    S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/01/2013 18:55 682344]

    S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [25/01/2010 14:56 115712]

    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [13/01/2011 18:25 13192]

    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [13/01/2011 18:25 8456]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/01/2013 18:55 21104]

    S4 EASEUS Agent;EASEUS Agent;d:\program files\EASEUS\Todo Backup\bin\Agent.exe [3/07/2011 11:13 56200]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-01-15 18:03 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-01-15 c:\windows\Tasks\ASC6_AutoClean.job

    - d:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2012-12-20 13:51]

    .

    2013-01-15 c:\windows\Tasks\ASC6_PerformanceMonitor.job

    - d:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-12-20 19:33]

    .

    2013-01-15 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-07 22:50]

    .

    2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd94e46f58c89a.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 19:09]

    .

    2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 19:09]

    .

    2013-01-15 c:\windows\Tasks\SmartDefragUpdate.job

    - d:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-01-06 10:06]

    .

    2013-01-15 c:\windows\Tasks\SmartDefrag_Startup.job

    - d:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-01-06 14:11]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.com/

    mStart Page = hxxp://www.google.be

    uInternet Connection Wizard,ShellNext = iexplore

    IE: Free YouTube Download - c:\documents and settings\Xxxxx Xxxx.XXXXX\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    Trusted Zone: fgov.be\ccff02.minfin

    Trusted Zone: fgov.be\minfin

    TCP: DhcpNameServer = 195.130.131.4 195.130.130.132

    .

    .

    ------- Bestandsassociaties -------

    .

    .scr=AutoCADScriptFile

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2013-01-15 20:13

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw[1]*]

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~[1]*]

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

    .

    Voltooingstijd: 2013-01-15 20:14:27

    ComboFix-quarantined-files.txt 2013-01-15 19:14

    .

    Pre-Run: 2.810.912.768 bytes beschikbaar

    Post-Run: 2.936.791.040 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    .

    - - End Of File - - 77779653600397BCB3FEE7CA247C92B1

  5. Here you go, incl. the standard d/t spelling mistake :-) :

    # AdwCleaner v2.105 - Verslag gemaakt op 15/01/2013 om 18:37:16

    # Geactualiseerd op 08/01/2013 door Xplode

    # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)

    # Gebruiker : xxx xxxx - xxxx

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Documents and Settings\xxxx xxx.xxx\Bureaublad\adwcleaner.exe

    # Optie [Verwijderen]

    ***** [Diensten] *****

    ***** [Files / Mappen] *****

    File Verwijdert : C:\user.js

    Map Verwijdert : C:\Documents and Settings\All Users.WINDOWS\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}

    Map Verwijdert : C:\Documents and Settings\All Users.WINDOWS\Application Data\~0

    Map Verwijdert : C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeRIP

    Map Verwijdert : C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer

    Map Verwijdert : C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Ilivid

    Map Verwijdert : C:\Program Files\Conduit

    Map Verwijdert : C:\Program Files\nuke_downloads_NL

    Map Verwijdert : C:\Program Files\Windows Searchqu Toolbar

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\APN PIP

    Sleutel Verwijdert : HKCU\Software\Conduit

    Sleutel Verwijdert : HKCU\Software\DataMngr

    Sleutel Verwijdert : HKCU\Software\ilivid

    Sleutel Verwijdert : HKCU\Software\InstallCore

    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBCD0F74-3C14-48D3-A59B-6542272F855F}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF9C1295-B6E3-4573-8A6C-3FFB5EED6FDA}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBCD0F74-3C14-48D3-A59B-6542272F855F}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

    Sleutel Verwijdert : HKCU\Software\nuke_downloads_NL

    Sleutel Verwijdert : HKCU\Software\PriceGong

    Sleutel Verwijdert : HKCU\Software\SmartBar

    Sleutel Verwijdert : HKCU\Toolbar

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{BF9C1295-B6E3-4573-8A6C-3FFB5EED6FDA}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT3272744

    Sleutel Verwijdert : HKLM\Software\Conduit

    Sleutel Verwijdert : HKLM\Software\DigitalVolcano\OpenCandy

    Sleutel Verwijdert : HKLM\Software\ilivid

    Sleutel Verwijdert : HKLM\Software\InstallCore

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12A5FE7C-6354-467C-960E-4F71BA934880}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DED56517-C930-48A6-A641-68CDAE228E2E}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BF9C1295-B6E3-4573-8A6C-3FFB5EED6FDA}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nuke_downloads_NL Toolbar

    Sleutel Verwijdert : HKLM\Software\nuke_downloads_NL

    Sleutel Verwijdert : HKLM\Software\PIP

    Sleutel Verwijdert : HKLM\Software\Tarma Installer

    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DBCD0F74-3C14-48D3-A59B-6542272F855F}]

    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v23.0.1271.97

    *************************

    AdwCleaner[R1].txt - [5865 octets] - [15/01/2013 18:36:20]

    AdwCleaner[s1].txt - [5437 octets] - [15/01/2013 18:37:16]

    ########## EOF - C:\AdwCleaner[s1].txt - [5497 octets] ##########

  6. Dasle, Kape: thanks in advance

    Here are the MBAM and Hijack logs:

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.70.0.1100

    www.malwarebytes.org

    Databaseversie: v2013.01.14.09

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    xxxxx:: xxxxx[administrator]

    Bescherming: Ingeschakeld

    14/01/2013 19:58:52

    mbam-log-2013-01-14 (19-58-52).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 295970

    Verstreken tijd: 5 minuut/minuten, 16 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 3

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:26:22, on 14/01/2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    d:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    d:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

    d:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

    C:\WINDOWS\system32\svchost.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Alwil Software\Avast5\avastUI.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\RunDLL32.exe

    C:\WINDOWS\system32\ctfmon.exe

    D:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\explorer.exe

    D:\Program Files\hijackthis\HijackThis.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - D:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Advanced SystemCare 6] "d:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-21-1409082233-113007714-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\********\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - d:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --

    End of file - 6942 bytes

  7. Hello,

    For the last few days my PC has been shutting down by itself: first everything freezes (I can still see the screen but the cursor does not respond), after which the screen also goes black. At first I thought it was due to the new fan (the previous one made a lot of noise), but the problem persisted even after reinstalling the previous fan. I am guilty of changing the BIOS settings (mainly power management) without really knowing anything about it :embarassed:. On the other hand, I notice that it mainly happens with Google Chrome and so far not yet with IE.

    In similar topics I read that I should post a Hijack log, so here it is:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:10:50, on 13/01/2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    d:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    d:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

    d:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Alwil Software\Avast5\avastUI.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\RunDLL32.exe

    C:\WINDOWS\system32\ctfmon.exe

    D:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\WINDOWS\explorer.exe

    D:\Program Files\IObit\Advanced SystemCare 6\Asc.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    D:\Program Files\hijackthis\HijackThis.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - URLSearchHook: nuke downloads NL Toolbar - {dbcd0f74-3c14-48d3-a59b-6542272f855f} - C:\Program Files\nuke_downloads_NL\prxtbnuke.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - D:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL

    O2 - BHO: nuke downloads NL - {dbcd0f74-3c14-48d3-a59b-6542272f855f} - C:\Program Files\nuke_downloads_NL\prxtbnuke.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O3 - Toolbar: nuke downloads NL Toolbar - {dbcd0f74-3c14-48d3-a59b-6542272f855f} - C:\Program Files\nuke_downloads_NL\prxtbnuke.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Advanced SystemCare 6] "d:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-21-1409082233-113007714-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\********\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///D:/Program%20Files/AutoCAD%202002/AcPreview.ocx

    O20 - AppInit_DLLs:

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - d:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --

    End of file - 7183 bytes

    Hopefully someone can help me further

    thanks in advance,

    damo
