Hans_832
Posts made by Hans_832
-
-
Hello,
Firefox has been removed. You can find the result of the DDS scan in the log below.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.67.2
Run by Hannes at 14:53:42 on 2014-11-27
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3038.1610 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\RtkAudioService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
mURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hannes\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D455155-ADB2-4336-B3C2-74ABCCA2BBEC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6F58BDF9-FBF6-43DD-9C16-C7E475C3C1B3} : DHCPNameServer = 134.58.126.3 134.58.127.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-24 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-3-22 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2008-10-30 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-6 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-10-30 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 50344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-25 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-25 968504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-30 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-9 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-9 411488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-25 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-25 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-25 51928]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-9 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-23 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-30 30192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-10-30 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-10-30 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-10-30 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-10-30 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-10-30 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown MSRSService;MSRSService; [x]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-27 12:31:43 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-27 12:26:33 -------- d-----w- c:\program files\CCleaner
2014-11-26 14:23:13 -------- d-----w- c:\users\hannes\appdata\local\temp
2014-11-25 20:36:11 -------- d-----w- C:\AdwCleaner
2014-11-25 19:52:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 19:50:52 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 19:50:52 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 19:50:52 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 19:50:52 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 19:50:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-25 10:23:30 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c82a702-b823-4064-8e64-5cb49cf7d4f4}\mpengine.dll
2014-11-22 22:12:00 43152 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2014-11-26 17:01:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 17:01:10 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-22 22:12:53 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 22:12:02 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-22 22:12:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-22 22:12:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 22:12:01 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-04 13:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-02 18:14:36 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-06-02 14:35:45 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 14:54:56,04 ===============
-
Dear Sir or Madam,
First of all, I would like to thank you for your help. In the meantime I have run CCleaner. After that I moved on to the next step: resetting Firefox. However, this does not work. I can find the Troubleshooting Information page, but the Reset Firefox button is not on the page. I took a few screenshots of it, but I don't really know how to add them to this file.
I think the version of Firefox is very outdated. I downloaded it a few years ago because I was looking for a new browser. In the end I chose Google Chrome, so I have not used Firefox in years. When I open Firefox, I get a message that I am not connected to the internet, while I can check this message and my e-mail without any problem in Google Chrome.
- - - Updated - - -
The screenshots are below.
Kind regards
-
At first I do get to see the page, but then it goes blank. The address bar shows this: http://www.piriform.com/ccleaner/download/slim/downloadfile but the page is white and I don't get the time to download anything.
-
Hello, I am unable to download CCleaner. When I click your link, nothing happens. Can I also use the standard version or another of the free-trial CCleaner versions?
-
When I visit the hln.be page, traffic.outbrain.com briefly appears in my Google Chrome bar. Then it disappears and the page opens in a new window. I don't know whether this is something extra or not, but I'm just mentioning it.
-
The result of the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.67.2
Run by Hannes at 15:39:10 on 2014-11-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3038.1677 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\RtkAudioService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\ComboFix\PEV.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
mURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hannes\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D455155-ADB2-4336-B3C2-74ABCCA2BBEC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6F58BDF9-FBF6-43DD-9C16-C7E475C3C1B3} : DHCPNameServer = 134.58.126.3 134.58.127.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko9.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Avast Online Security: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-24 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-3-22 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2008-10-30 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-6 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-10-30 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 50344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-25 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-25 968504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-30 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-9 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-9 411488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-25 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-25 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-25 51928]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-9 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MSRSService;MSRS Recording System;"c:\program files\nch software\msrs\msrs.exe" -service --> c:\program files\nch software\msrs\msrs.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-23 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-30 30192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-10-30 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-10-30 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-10-30 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-10-30 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-10-30 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-26 14:23:13 -------- d-----w- c:\users\hannes\appdata\local\temp
2014-11-26 14:14:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-26 13:45:56 -------- d-----w- C:\ComboFix
2014-11-26 11:14:52 98816 ----a-w- c:\windows\sed.exe
2014-11-26 11:14:52 256000 ----a-w- c:\windows\PEV.exe
2014-11-26 11:14:52 208896 ----a-w- c:\windows\MBR.exe
2014-11-25 20:36:11 -------- d-----w- C:\AdwCleaner
2014-11-25 19:52:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 19:50:52 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 19:50:52 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 19:50:52 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 19:50:52 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 19:50:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-25 10:23:30 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c82a702-b823-4064-8e64-5cb49cf7d4f4}\mpengine.dll
2014-11-22 22:12:00 43152 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2014-11-22 22:12:53 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 22:12:02 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-22 22:12:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-22 22:12:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 22:12:01 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-12 13:00:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 13:00:42 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-04 13:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-02 18:14:36 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-06-02 14:35:45 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 15:40:12,53 ===============
- - - Updated - - -
The result of the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.67.2
Run by Hannes at 15:39:10 on 2014-11-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3038.1677 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\RtkAudioService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\ComboFix\PEV.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
mURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hannes\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D455155-ADB2-4336-B3C2-74ABCCA2BBEC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6F58BDF9-FBF6-43DD-9C16-C7E475C3C1B3} : DHCPNameServer = 134.58.126.3 134.58.127.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko9.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Avast Online Security: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-24 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-3-22 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2008-10-30 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-6 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-10-30 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 50344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-25 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-25 968504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-30 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-9 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-9 411488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-25 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-25 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-25 51928]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-9 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MSRSService;MSRS Recording System;"c:\program files\nch software\msrs\msrs.exe" -service --> c:\program files\nch software\msrs\msrs.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-23 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-30 30192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-10-30 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-10-30 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-10-30 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-10-30 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-10-30 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-26 14:23:13 -------- d-----w- c:\users\hannes\appdata\local\temp
2014-11-26 14:14:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-26 13:45:56 -------- d-----w- C:\ComboFix
2014-11-26 11:14:52 98816 ----a-w- c:\windows\sed.exe
2014-11-26 11:14:52 256000 ----a-w- c:\windows\PEV.exe
2014-11-26 11:14:52 208896 ----a-w- c:\windows\MBR.exe
2014-11-25 20:36:11 -------- d-----w- C:\AdwCleaner
2014-11-25 19:52:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 19:50:52 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 19:50:52 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 19:50:52 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 19:50:52 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 19:50:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-25 10:23:30 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c82a702-b823-4064-8e64-5cb49cf7d4f4}\mpengine.dll
2014-11-22 22:12:00 43152 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2014-11-22 22:12:53 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 22:12:02 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-22 22:12:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-22 22:12:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 22:12:01 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-12 13:00:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 13:00:42 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-04 13:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-02 18:14:36 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-06-02 14:35:45 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 15:40:12,53 ===============
- - - Updated - - -
Hello,
Sorry, I posted the DDS result a second time. My apologies for the inconvenience.
-
Hello,
This is what came out of the CFScript.
ComboFix 14-11-25.01 - Hannes 26-11-2014 14:50:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3038.1888 [GMT 1:00]
Gestart vanuit: c:\users\Hannes\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Hannes\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-10-26 to 2014-11-26 ))))))))))))))))))))))))))))))
.
.
2014-11-26 14:08 . 2014-11-26 14:14 -------- d-----w- c:\users\Hannes\AppData\Local\temp
2014-11-25 20:36 . 2014-11-25 20:47 -------- d-----w- C:\AdwCleaner
2014-11-25 19:52 . 2014-11-26 14:14 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 19:50 . 2014-11-25 19:50 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-25 19:50 . 2014-11-25 19:50 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 19:50 . 2014-10-01 10:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 19:50 . 2014-10-01 10:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 19:50 . 2014-10-01 10:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 10:23 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C82A702-B823-4064-8E64-5CB49CF7D4F4}\mpengine.dll
2014-11-22 22:12 . 2014-11-22 22:12 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-22 22:12 . 2014-11-22 22:12 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-22 22:12 . 2011-03-22 19:37 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 22:12 . 2008-10-30 19:56 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-22 22:12 . 2013-11-24 10:47 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-22 22:12 . 2008-10-30 19:56 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-22 22:12 . 2014-08-06 15:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-22 22:12 . 2013-11-24 10:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 22:12 . 2008-10-30 19:56 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-11-22 22:12 . 2008-10-30 19:56 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-12 13:00 . 2012-10-31 15:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 13:00 . 2012-10-31 15:53 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-04 13:30 . 2009-10-03 09:30 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-02 18:14 . 2014-09-02 18:15 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-06-02 14:35 . 2011-06-02 14:34 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-22 22:11 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-10-30 24576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-11-22 5226600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 10:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2014-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 13:00]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 19:46]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 19:46]
.
2014-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298375610-3275499674-1174804114-1003Core.job
- c:\users\Hannes\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 17:17]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298375610-3275499674-1174804114-1003UA.job
- c:\users\Hannes\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 17:17]
.
2014-05-07 c:\windows\Tasks\Norton Security Scan for Hannes.job
- c:\progra~1\NORTON~2\Engine\403~1.24\Nss.exe [2013-11-18 10:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.bing.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: deredactie.be\www
Trusted Zone: google.be\www
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\ty7cbw5x.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Avast Online Security: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2014-11-26 15:14
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000007b
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RtkAudioService.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Sony\Network Utility\NSUService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\conime.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2014-11-26 15:23:04 - machine werd herstart
ComboFix-quarantined-files.txt 2014-11-26 14:22
ComboFix2.txt 2014-11-26 11:54
.
Pre-Run: 205.392.386.048 bytes beschikbaar
Post-Run: 205.274.118.144 bytes beschikbaar
.
- - End Of File - - C4FEB169B23C9E90905CC353253E81A6
5C616939100B85E558DA92B899A0FC36
Now I will run the DDS program.
-
Hello,
Uh, sorry, but what is a DDS log, and which system do I need to run for this?
-
Hello, this is the result after running ComboFix:
ComboFix 14-11-25.01 - Hannes 26-11-2014 12:19:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3038.1577 [GMT 1:00]
Gestart vanuit: c:\users\Hannes\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\IsUn0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-10-26 to 2014-11-26 ))))))))))))))))))))))))))))))
.
.
2014-11-26 11:48 . 2014-11-26 11:48 -------- d-----w- c:\users\Hannes\AppData\Local\temp
2014-11-26 11:48 . 2014-11-26 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-25 21:19 . 2014-11-25 21:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C82A702-B823-4064-8E64-5CB49CF7D4F4}\offreg.dll
2014-11-25 20:36 . 2014-11-25 20:47 -------- d-----w- C:\AdwCleaner
2014-11-25 19:52 . 2014-11-25 21:08 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 19:50 . 2014-11-25 19:50 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-25 19:50 . 2014-11-25 19:50 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 19:50 . 2014-10-01 10:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 19:50 . 2014-10-01 10:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 19:50 . 2014-10-01 10:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 10:23 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C82A702-B823-4064-8E64-5CB49CF7D4F4}\mpengine.dll
2014-11-22 22:12 . 2014-11-22 22:12 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-22 22:12 . 2014-11-22 22:12 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-22 22:12 . 2011-03-22 19:37 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 22:12 . 2008-10-30 19:56 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-22 22:12 . 2013-11-24 10:47 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-22 22:12 . 2008-10-30 19:56 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-22 22:12 . 2014-08-06 15:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-22 22:12 . 2013-11-24 10:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 22:12 . 2008-10-30 19:56 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-11-22 22:12 . 2008-10-30 19:56 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-12 13:00 . 2012-10-31 15:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 13:00 . 2012-10-31 15:53 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-04 13:30 . 2009-10-03 09:30 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-02 18:14 . 2014-09-02 18:15 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-06-02 14:35 . 2011-06-02 14:34 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-22 22:11 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-10-30 24576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-11-22 5226600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 10:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2014-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 13:00]
.
2014-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 19:46]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 19:46]
.
2014-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298375610-3275499674-1174804114-1003Core.job
- c:\users\Hannes\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 17:17]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298375610-3275499674-1174804114-1003UA.job
- c:\users\Hannes\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 17:17]
.
2014-05-07 c:\windows\Tasks\Norton Security Scan for Hannes.job
- c:\progra~1\NORTON~2\Engine\403~1.24\Nss.exe [2013-11-18 10:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.bing.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: deredactie.be\www
Trusted Zone: google.be\www
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\ty7cbw5x.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Avast Online Security: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
Toolbar-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
HKLM-Run-MSRS - c:\program files\NCH Software\MSRS\msrs.exe
AddRemove-Express - c:\program files\NCH Software\Express\uninst.exe
AddRemove-MSRS - c:\program files\NCH Software\MSRS\uninst.exe
AddRemove-Scribe - c:\program files\NCH Software\Scribe\uninst.exe
AddRemove-Van Dale pocketwoordenboeken - c:\windows\ISUN0413.EXE
AddRemove-Xvid Video Codec 1.3.1 - c:\program files\Xvid\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2014-11-26 12:48
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000007b
.
Voltooingstijd: 2014-11-26 12:54:15
ComboFix-quarantined-files.txt 2014-11-26 11:54
.
Pre-Run: 202.727.442.432 bytes beschikbaar
Post-Run: 205.740.982.272 bytes beschikbaar
.
- - End Of File - - 863472DD11C45918E28C705A16C7FC1D
5C616939100B85E558DA92B899A0FC36
-
Hello,
In the meantime I have run both programs. From step 1, this is the log:
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software
Scan Date: 25-11-2014
Scan Time: 20:56:30
Logfile: mbamlog Hans.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.25.13
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Hannes
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332204
Time Elapsed: 30 min, 50 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
- - - Updated - - -
Step 2 produced this:
# AdwCleaner v4.102 - Rapport aangemaakt 25/11/2014 op 21:46:37
# Laatste Update 23/11/2014 door Xplode
# Database : 2014-11-23.7 [Local]
# Besturingssysteem : Windows Vista Home Premium Service Pack 1 (32 bits)
# Gebruikersnaam : Hannes - HANNES_VAIO
# Gestart vanuit : C:\Users\Hannes\Downloads\adwcleaner_4.102.exe
# Optie : Verwijderen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
Map Verwijderd : C:\ProgramData\NCH Software
Map Verwijderd : C:\ProgramData\Premium
Map Verwijderd : C:\ProgramData\SoftSafe
Map Verwijderd : C:\Program Files\NCH Software
Map Verwijderd : C:\Users\Hannes\AppData\Local\Conduit
Map Verwijderd : C:\Users\Hannes\AppData\LocalLow\Conduit
Map Verwijderd : C:\Users\Hannes\AppData\LocalLow\HPAppData
Map Verwijderd : C:\Users\Hannes\AppData\Roaming\NCH Software
Map Verwijderd : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\ty7cbw5x.default\Extensions\info@allpremiumplay.info
Bestand Verwijderd : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\ty7cbw5x.default\user.js
***** [ Taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [info@allpremiumplay.info]
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\ppjemjejnnojomfekgbpbbnecicblllf
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8187691c
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Sleutel Verwijderd : HKCU\Software\Conduit
Sleutel Verwijderd : HKCU\Software\performersoft llc
Sleutel Verwijderd : HKCU\Software\AppDataLow\Toolbar
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar
Sleutel Verwijderd : HKLM\SOFTWARE\Conduit
Sleutel Verwijderd : HKLM\SOFTWARE\SP Global
Sleutel Verwijderd : HKLM\SOFTWARE\SProtector
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6001.18639
-\\ Mozilla Firefox v3.6.13 (nl)
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948..clientLogIsEnabled", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.AppTrackingLastCheckTime", "Mon Oct 15 2012 01:00:32 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.BrowserCompStateIsOpen_129799503686523541", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.BrowserCompStateIsOpen_129815072111847605", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.CTID", "CT2801948");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.CurrentServerDate", "15-10-2012");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.DSInstall", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.DialogsAlignMode", "LTR");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.DialogsGetterLastCheckTime", "Mon Oct 15 2012 01:00:22 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.DownloadReferralCookieData", "");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.EMailNotifierPollDate", "Mon Oct 15 2012 01:00:21 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.FirstServerDate", "26-11-2011");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.FirstTime", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.FirstTimeFF3", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.FixPageNotFoundErrors", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.HPInstall", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.HasUserGlobalKeys", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.HomePageProtectorEnabled", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.Initialize", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.InitializeCommonPrefs", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.InstallationAndCookieDataSentCount", 3);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.InstallationId", "ConduitNSISIntegration");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.InstallationType", "ConduitXPEIntegration");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.InstalledDate", "Sat Nov 26 2011 12:45:17 GMT+0100 (Romance (standaardtijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.InvalidateCache", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.IsAlertDBUpdated", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.IsGrouping", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.IsInitSetupIni", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.IsMulticommunity", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.IsOpenThankYouPage", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.IsOpenUninstallPage", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.IsProtectorsInit", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.LanguagePackLastCheckTime", "Mon Oct 15 2012 01:00:22 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.LastLogin_3.8.1.0", "Mon Oct 15 2012 01:00:22 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.LatestVersion", "3.8.1.0");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.Locale", "en-us");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.MCDetectTooltipHeight", "83");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.MCDetectTooltipWidth", "295");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.MyStuffEnabledAtInstallation", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.OriginalFirstVersion", "3.8.1.0");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioIsPodcast", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioLastCheckTime", "Mon Oct 15 2012 01:00:29 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioLastUpdateIPServer", "3");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioLastUpdateServer", "129307496595170000");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioMediaID", "21435220");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioMediaType", "Media Player");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioShrinkedFromSetup", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SHRINK_TOOLBAR", 1);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SavedHomepage", "resource:/browserconfig.properties");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchCaption", "NCH EN Customized Web Search");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchEngineBeforeUnload", "NCH EN Customized Web Search");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchInNewTabEnabled", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchInNewTabLastCheckTime", "Mon Oct 15 2012 01:00:21 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchProtectorEnabled", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SearchProtectorToolbarDisabled", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SendProtectorDataViaLogin", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.ServiceMapLastCheckTime", "Mon Oct 15 2012 01:00:20 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SettingsLastCheckTime", "Mon Oct 15 2012 01:00:19 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.SettingsLastUpdate", "1350222207");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Mon Oct 15 2012 01:00:18 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1331805997");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.ToolbarShrinkedFromSetup", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801948");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.UserID", "UN37320870010453167");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.ValidationData_Toolbar", 2);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.WeatherNetwork", "");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.WeatherPollDate", "Mon Oct 15 2012 01:00:22 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.WeatherUnit", "C");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.alertChannelId", "1194029");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.backendstorage.hxxp://pinterest_aot_im.isenabled", "59");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.globalFirstTimeInfoLastCheckTime", "Mon Oct 15 2012 01:00:25 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.homepageProtectorEnableByLogin", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.initDone", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.isAppTrackingManagerOn", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.isFirstRadioInstallation", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.myStuffEnabled", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.myStuffPublihserMinWidth", 400);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.myStuffServiceIntervalMM", 1440);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.oldAppsList", "129306881620344305,129306881621438061,111,129306881624250628,129306881624563129,129797778032571509,129797781958509142,129343840936544328,129812392486745713,12979950[...]
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.revertSettingsEnabled", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.searchProtectorDialogDelayInSec", 10);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.searchProtectorEnableByLogin", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.testingCtid", "");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Mon Oct 15 2012 01:00:22 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Mon Oct 15 2012 01:00:22 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CT2801948.usagesFlag", 2);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ConduitSearchList", "NCH EN Customized Web Search");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948", "\"bc8deaed062e4cc4dccf96895089c9b43\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194029/1189706/BE", "\"0\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", "\"1337033611\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "G9mW7heT/8xIX1frcduu0A==");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "2E1/v7EfCEDbv3VaBQMELg==");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "k9un27OkAvkwB2ZmvXxTnA==");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "4BgM4MhF/sOgPsDNmIs3Yw==");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"0e0a4327275cd1:0\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948", "\"f1c77625c0e9bd1c80a2fd6901845fa9\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2801948&octid=CT2801948", "\"129fa700b3aa321c321221f7315057ec1\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "\"802b1fef4e19c81:0\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif", "\"802b1fef4e19c81:0\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "\"802b1fef4e19c81:0\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "\"802b1fef4e19c81:0\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"17023b82b2b0275c0c496c13adb33d6b\"");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Hannes\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ty7cbw5x.default\\conduitCommon\\modules\\3.8.1.0");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ToolbarsList", "CT2801948");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ToolbarsList2", "CT2801948");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ToolbarsList4", "CT2801948");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.globalUserId", "efa21bfe-bf2d-41e0-ad87-521ba484f376");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801948");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Oct 15 2012 01:00:22 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 15 2012 01:00:30 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.locale", "en");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Oct 15 2012 01:00:21 GMT+0200 (Romance (zomertijd))");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.userId", "cf0309ab-6ceb-4ab1-8ad2-24d385008fa3");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("browser.search.selectedEngine", "NCH EN Customized Web Search");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf([...]
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
-\\ Google Chrome v
[C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Verwijderd [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2801948
[C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Verwijderd [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2801948
*************************
AdwCleaner[R0].txt - [23402 octets] - [25/11/2014 21:36:44]
AdwCleaner[s0].txt - [24997 octets] - [25/11/2014 21:46:37]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [25058 octets] ##########
- - - Updated - - -
How should this be interpreted?
-
Hello,
Should I disable Avast for this or not?
-
Hello,
Last week, when starting my computer, I got roughly the following message on the desktop: VAIO Content Folder Watcher/VCFw.exe has stopped working and a solution to the problem is being sought. I looked up some information on the internet and, as a computer layman, came to the conclusion that this was a Sony file and that nothing needed to be done. Since then my computer has been running quite a bit slower, mainly when loading web pages. I have also scanned my computer with Avast several times. Today I noticed the following in the scan log for the scan of 18-11-2014: the virus "win32:Rootkit-gen" was found in the folder: SVC:VCFW>C:\Program Files\Common File\Sony SHared\VAIO Content Folder Watcher\VCFw.exe
In the scans of 19, 20, 21 and 25 November, Avast detected no viruses or other items. When I then go to the Program Files VAIO Content Folder Watcher, I cannot find the file win32:Rootkit-gen to remove it manually. What should I do now?
Regards
Virus win32:Rootkit-gen
in Archive: Combating malware & viruses
Posted:
Hello,
Thank you. There are no real problems anymore. Loading pages and videos is faster now and I am no longer redirected to other pages. It still takes rather long and happens in fits and starts, but I no longer remember very well how long it used to take, so I am actually quite satisfied. Can I also reset my Google settings, as with resetting Firefox? I do still have a bit of trouble with (I think) tracking cookies. When watching YouTube videos I now get advertisements about malware protection and the like, or can nothing be done about this?
I also have a few more questions. What should I do with the programs I have installed on my computer, for example Malwarebytes Anti-Malware (this is a free trial)? Should I remove this program? The other programs I will, I think, leave in place. Is it useful to run, for example, AdwCleaner and ComboFix now and then to detect possible errors, or is that not a good idea? Is Avast a good virus scanner, or should I use or buy a different one? Do I also need to install a malware scanner, or does Avast do this?
Thank you for solving my problem and answering my questions.
Kind regards